m5k1umn posted on 2024-10-4 16:35:43

Malware analysis: PHP-based skimmer suggests Magecart activity is continuing


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XMpWJnCWo0jBVIVbyXHarianac4yDhdv4VzTpPnUlyxfXjpUOeIkIVMA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h2 style="color: black; text-align: left; margin-bottom: 10px;">Overview</h2>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Web skimming remains a very serious security threat for online stores and online shoppers. In this space, cybercriminals vary widely in sophistication, from ordinary amateurs to nation-state hacking groups such as Lazarus.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">On the security side, many e-commerce sites remain vulnerable because they have not upgraded their content management software (CMS) in years. The campaign we are looking at today concerns a number of Magento 1 websites that have been compromised by a very active skimmer group.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Our analysis found that Magecart Group 12, identified last fall, is behind the Magento 1 attacks, and that the group is still distributing new malware. The criminals use web shells known as Smilodon or Megalodon to dynamically load JavaScript skimming code into online store sites through server-side requests. The technique is notable because most client-side security tools cannot detect or block the skimmer.</p>
    <h2 style="color: black; text-align: left; margin-bottom: 10px;">Web shell hidden as a favicon</h2>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">While crawling Magento 1 websites, we detected a new piece of malware disguised as a favicon. The file, named Magento.png, tries to pass itself off as "image/png", but it does not contain the content of a valid PNG image.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XCmTosNbRTlV4LD16b5ETwJlL0PRCsfEIV57sfCudVy3XTDe6DaqG6w/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The malware compromises the target site by replacing the legitimate shortcut icon tag with a path to the fake PNG file. Unlike attacks that use a fake favicon file to hide malicious JavaScript, this one ultimately delivers a PHP web shell. However, the PHP script as the criminals currently implement it cannot be loaded correctly.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XY5nqBTFAwELQoVbHXZhuVdX7nxCXFsCxiaKIIpXmGbrF8ASZQdmG7GA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A web shell is a very popular type of malware that gives an attacker remote access to, and administration of, the target host. It is usually loaded onto a web server after the attacker has exploited a vulnerability to compromise that host.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">To analyze this web shell in depth, we decoded it. We saw that it retrieves data from an external host at the domain zolo[.]pw.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XEVX1dRzYkzlb9UzaDmIO2wUwIicR2kYNqe9ecVcje9Ybad5KjjOZJ2Q/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">After a closer look at the m1_2021_force directory, we found code written specifically to steal credit card data.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XQ5tGdCyia7heHeFmMHSdmYmvuXo6wE0vuoTbHEcT9ML361ybldPC4sg/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7Xm7MVPBKvIJbwrgsHzz291yeu5YRMrNh7E4bmibwInfuNRicny5mxfSDQ/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The data exfiltration portion matches what researcher Denis (@UnmaskParasites) found in March of this year on WordPress sites (the Smilodon malware), which can also steal user credentials:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7X7btKFt8t95Cef536lOwaLeP0NRTExcx0iccRPiaJg5iaSFiaSyicZsom0nw/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Below is a similar PHP file (Mage.php) reported by SanSec:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7X54dT18BmOIrKxmDQoJ44JfCkp8dQvWzjufyDtZ2QHHxTu0ZsRFibUvg/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">While analyzing the Magento 1 EOL attacks, SanSec had also previously reported similar paths and file names:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XxqCIiaeVMeu3ibQpcVhxj6PtpMkMFQQIyk7Y1esz856Dic0JEEDJomJ7w/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">This means we may have been investigating the same threat actor then and now, which we can confirm by examining the infrastructure in use.</p>
    <h2 style="color: black; text-align: left; margin-bottom: 10px;">Magecart Group 12</h2>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Because we found the favicon web shell on Magento 1.x websites, we believe it may be related to last year's exploitation of the Magento 1 branch (which is no longer maintained). RiskIQ documented those attacks and linked them to Magecart Group 12 at the time.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The newest domain we found (zolo[.]pw) happens to be hosted on the same IP address (217.12.204[.]185) as recaptcha-in[.]pw and google-statik[.]pw, domains previously associated with Magecart Group 12.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XI5fcJaMLjyr4JjY3j5jq5U5RLu6uYpNG9sfUULP6h4en1OPucNMJJA/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/qq5rfBadR38Be1kM5rEicDXb0mZnziaD7XKb1vtdgZPoyg7YfEDTyIJK8SB91AhPqVAt7dbw5J2cOqdQCaKcDEew/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <h2 style="color: black; text-align: left; margin-bottom: 10px;">Dynamically loaded skimmer</h2>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">There are many ways to load skimming code, but the most common is to call an external JavaScript resource. When a customer visits an online store, their browser makes a request to a domain hosting the skimmer. Although criminals keep expanding their infrastructure, skimmers of this kind are relatively easy to block using a domain/IP database.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">By contrast, the skimmer described in this article injects its code into the merchant site dynamically. The request to the malicious domain hosting the skimming code is made by the server, not by the client. As a result, database-based blocking does not work unless every compromised online store is added to the blocklist. A more effective approach, though more complex and prone to false positives, is to inspect the DOM in real time and detect when malicious code has been loaded.</p>
    <h2 style="color: black; text-align: left; margin-bottom: 10px;">Indicators of compromise (IoC)</h2>

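The mismatch described in the post above (a file named Magento.png presented as image/png without valid PNG content, delivering PHP instead) can be checked for on disk. The following is an added example, not part of the original post or the researchers' tooling: a Python scanner that flags image-extension files with wrong magic bytes or an embedded PHP open tag, including a valid image header with PHP appended. The directory layout and sample files are constructed; only the name Magento.png comes from the article.

```python
import os
import re
import tempfile

# Leading magic bytes for the image types a favicon is normally served as.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".ico": (b"\x00\x00\x01\x00",),
}
# Full PHP open tag only; the 3-byte short tag "<?=" is left out because it
# can occur by chance inside compressed image data.
PHP_TAG = re.compile(rb"<\?php\b", re.IGNORECASE)


def inspect_image(path, max_bytes=1 << 20):
    """Return findings for one file that carries an image extension."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    findings = []
    if not data.startswith(SIGNATURES[ext]):
        findings.append("bad-magic")   # extension and content disagree
    if PHP_TAG.search(data):
        findings.append("php-tag")     # script source inside an "image"
    return findings


def scan_webroot(root):
    """Map relative path -> findings for every suspicious image under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SIGNATURES:
                continue
            full = os.path.join(dirpath, name)
            findings = inspect_image(full)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report


def build_sample_webroot(root):
    """Write constructed sample files (inert placeholders, no real payload)."""
    samples = {
        # Hypothetical paths; only the name Magento.png comes from the article.
        "skin/favicon.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "media/Magento.png": b"<?php /* constructed placeholder */ ?>",
        "media/banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"<?php /* appended */ ?>",
        "js/app.js": b"console.log('not an image');",
    }
    for rel, content in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for rel, findings in sorted(scan_webroot(tmp).items()):
            print(rel, findings)
```

Because the skimmer is fetched server-side, a file-level check like this runs on the merchant's own host, where client-side domain blocklists have no visibility.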



nqkk58 posted on 2024-11-5 05:05:42

I read the original poster's post carefully; it was very helpful.