Posts

Secure Code Warrior_.Net Core Security Practice_SQL Injection Prevention (2)

  A vulnerable code example ...

Secure Code Warrior_.Net Core Security Practice_SQL Injection Prevention (1)

  Problem description
  We received reports from a user that they were able to exploit a SQL Injection vulnerability in the transaction search feature of the internet bank solution. They stated that they were able to view transactions that belong to other users by exploiting this flaw, but pointed out that this vulnerability could allow an attacker to do all sorts of nasty stuff to the database, like dropping tables, viewing data from other tables, inserting data etc. Please try to replicate what the user did, and show that you were able to exploit it by selecting transactions that belong to another account.

  Instructions
  1. View your account
     Click the View button on the only account that appears in the list of bank accounts. This page lists transactions made on your account.
  2. Observe the code
     The View Account page offers a search functionality to search your transactions. If you take a look at the code snippet you can see how the database is queried for the transaction search. Take a special notice of how ...

Harris Corner Detection

  Code

  #include "opencv2/opencv.hpp"
  #include "opencv2/highgui/highgui.hpp"
  #include "opencv2/core.hpp"
  #include "opencv2/dnn.hpp"
  #include "opencv2/xfeatures2d/nonfree.hpp"
  #include "opencv2/features2d/features2d.hpp"
  #include <iostream>
  #include <fstream>
  #include <cmath>
  #include <string>
  #include <algorithm>

  using namespace std;
  using namespace cv;
  using namespace cv::dnn;
  using namespace cv::xfeatures2d;

  Mat src, gray_src, dst;
  int thrCornor = 140;
  int thrMax = 255;
  const char* output_title = "HarrisCorner Detect Result";
  void Harris_Process(int, void*);

  int main() {
      src = imread("C:/img/2393662_orig.jpg");
      namedWindow("src", WINDOW_NOR...

Homography Projective Transformation

  Code

  #include "opencv2/opencv.hpp"
  #include "opencv2/highgui/highgui.hpp"
  #include "opencv2/core.hpp"
  #include "opencv2/dnn.hpp"
  #include "opencv2/xfeatures2d/nonfree.hpp"
  #include "opencv2/features2d/features2d.hpp"
  #include <iostream>
  #include <fstream>
  #include <cmath>
  #include <string>
  #include <algorithm>

  using namespace std;
  using namespace cv;
  using namespace cv::dnn;
  using namespace cv::xfeatures2d;

  int main() {
      Mat img1 = imread("C:/img/box.png" ,...

T-SQL Notes 34_Query and List All PKs and FKs of a Table

  Query to find the PK

  SELECT Col.Column_Name
  from INFORMATION_SCHEMA.TABLE_CONSTRAINTS Tab,
       INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE Col
  WHERE Col.Constraint_Name = Tab.Constraint_Name
    AND Col.Table_Name = Tab.Table_Name
    AND Constraint_Type = 'PRIMARY KEY'
    AND Col.Table_Name = '<your table name>'

  Command to find the FKs

  EXEC sp_fkeys '<your table name>'

One of the streams has already been used and can't be reset to the origin.

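  When sending e-mail notifications through the C# SMTP API, this exception can be thrown if the message has attachments and they are handled improperly.

  Before

  The exception occurs in Attachment: once SMTP has finished using it and Dispose is called, the MemoryStream is cleared along with it. It should therefore be placed inside the loop and initialized on every iteration.

  After

  Ref: SMTPException One of the streams has already been used and can't be reset to the origin
  https://stackoverflow.com/questions/33342212/smtpexception-one-of-the-streams-has-already-been-used-and-cant-be-reset-to-the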