This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bcb8e72f6fc184637fc184637fc184637fc184637
Found HiSiliconDVR firmware: Hardware: General MBD6016E-E Vulnerable to multiple issues : LFI, possibly RCE
Open service 218.161.127.248:84
2024-05-08 12:47
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el
Open service 218.161.127.248:84
2024-04-30 19:59
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el
Open service 218.161.127.248:84
2024-04-28 18:42
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el
Open service 218.161.127.248:84
2024-04-26 01:51
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el
Open service 218.161.127.248:84
2024-04-22 21:46
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el
Open service 218.161.127.248:80
2024-04-22 20:19
HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 04:22:00 GMT Server: Accept-Ranges: bytes Connection: close Content-Length: 1669 Last-Modified: Tue, 24 Oct 2017 06:10:25 GMT Content-Type: text/html Page title: VACRON DVR LOGIN <!DOCTYPE html> <html> <head> <title>VACRON DVR LOGIN</title> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Bootstrap --> <link href="css/bootstrap-3.1.1.css" rel="stylesheet" media="screen"> <link href="css/main.css" rel="stylesheet" media="screen"> <style type="text/css"> body { background: #eeeeee; } </style> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> <![endif]--> <!--[if lt IE 8]> <link href="css/bootstrap-ie7.css" rel="stylesheet"> <![endif]--> </head> <body> <div class="jumbotron"> <h1><strong>VACRON</strong></h1> <p><strong>ADVANCES IN SECURITY SOLUTION</strong></p> <form class="form-login" method="post" action="login.cgi"> <div class="form-group"> <input type="text" class="form-control input-lg" name="name" placeholder="Name"> </div> <div class="form-group"> <input type="password" class="form-control input-lg" name="pwd" placeholder="Password"> </div> <button type="submit" class="btn btn-lg btn-primary btn-block" data-i18n="tr-login">LOGIN</button> </form> </div> <script src="js/jquery-1.11.1.min.js"></script> <script src="js/jquery.i18n.js"></script> <script src="js/lang_login.js"></script> </body> </html>
Open service 218.161.127.248:84
2024-04-18 18:32
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rChrome.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rSafari.exec(ua); if (match != null) { return { browser : match[2] || "", version : match[1] || "0" }; } if (match != null) { return { browser : "", version : "0" }; } } </script> <script type="text/javascript">//m.js var ipaddress =document.location.hostname; if (ipaddress == "") { //ipaddress = "10.10.48.46"; // ipaddress = "10.2.2.88"; } var hostport=34567; var iLanguage=102; var numLanguage; var DownLoadAddr=""; </script> <script type="text/javascript" src="m.jsp"></script> <script type="text/javascript" src="config.js"></script> <!-- 全局变量 --> <script type="text/javascript"> var gExitChannel=new Array(); var gExitSubType=new Array(); var gexiti; var gcid=-1; var g_channelNum=4; var g_digitalChannel=0; var gsld; var gslda; var gsldb; var gsldc; var gsldd; var gfmu1=0; var gfmu2=0; var gfmu3=0; var g_bRecord=false; var g_bRealPlay=false; var g_bAudio=false; var g_bQS=false; var g_bClose=false; var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30}); var settings = { username:'', ocxlanguage:'' } var gca=0; var gcb=0; var gcc=0; var gcd=0; var gAutoPlayAll=false; </script> <!-- 颜色滑块 --> <script type="text/javascript"> function sldtopos(sld,step){ sld.knob.setStyle('left', sld.toPosition(step)); } function setcolorsv(f,v){ switch (f) { case 1: gca=v; $('ska').title=v; break; case 2: gcb=v; $('skb').title=v; break; case 3: gcc=v; $('skc').title=v; break; case 4: gcd=v; $('skd').title=v; break; } } function getcolors(){ var colors=""; colors=ocx.GetColor(); var t= new Array(); if (colors !="") { t=colors.split(','); sldtopos(gslda,parseInt(t[0])); sldtopos(gsldb,parseInt(t[1])); sldtopos(gsldc,parseInt(t[2])); sldtopos(gsldd,parseInt(t[3])); setcolorsv(1,parseInt(t[0])); setcolorsv(2,parseInt(t[1])); setcolorsv(3,parseInt(t[2])); setcolorsv(4,parseInt(t[3])); } el