WPScan扫描Wordpress漏洞
一、什么是Wpscan?什么是Wordpres?
1.Wpscan
WPScan是一个扫描WordPress漏洞的黑盒子扫描器,可以扫描出wordpress的版本,主题,插件,后台用户以及爆破后台用户密码等。
2.Wordpress
WordPress是一种使用PHP语言和MySQL数据库开发的博客平台,用户可以在支持PHP和MySQL数据库的服务器上架设属于自己的网站。也可以把 WordPress当作一个内容管理系统(CMS)来使用。WordPress有许多第三方开发的免费模板,安装方式简单易用。
二、Wordpress系统的搭建
1.下载Wordpress
TURNKEYLINUX是linux一站式软件站,在浏览器地址栏输入 https://www.turnkeylinux.org/ 访问官网下载Wordpress
2.Wordpress的安装配置
详细安装配置教程
https://www.cnblogs.com/WangYiqiang/p/9560325.html
注意:在虚拟机中安装Wordpress前需配置好虚拟机网络等设置
Wordpress配置好后如图所示
该界面显示了Wordpress应用服务的详细信息,如Web地址,Webshell地址,Webmin地址,PHPMyAdmin的地址和端口号以及SSH/SFTP地址和端口号。
出现此界面表明WordPress Turnkey Linux 搭建完成,可以使用。
三、使用Wpscsn对WordPress进行漏洞扫描
1.利用 “wpscan -h”命令,可查看Wpscan的版本,常用选项,功能介绍,例程等;
1 root@kali:~# wpscan -h 2 _______________________________________________________________ 3 __ _______ _____ 4 \ \ / / __ \ / ____| 5 \ \ /\ / /| |__) | (___ ___ __ _ _ __ 6 \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ 7 \ /\ / | | ____) | (__| (_| | | | | 8 \/ \/ |_| |_____/ \___|\__,_|_| |_| 9 10 WordPress Security Scanner by the WPScan Team 11 Version 2.9.1 //Wpscan版本信息 12 Sponsored by Sucuri - https://sucuri.net 13 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_ 14 _______________________________________________________________ 15 16 Help : 17 18 Some values are settable in a config file, see the example.conf.json 19 20 --update Update the database to the latest version.#更新命令 命令“root@kali:~# wpscan --update”
21 --url | -u <target url> The WordPress URL/domain to scan.#指定URL/域进行扫描 命令“root@kali:~# wpscan --url 地址”或“root@kali:~# wpscan -u 地址”
22 --force | -f Forces WPScan to not check if the remote site is running WordPress.#强制Wpscan不检查远程正在运行WordPress的主机 23 --enumerate | - 24 option : 25 u usernames from id 1 to 10 #默认用户1-用户10 26 u[10-20] usernames from id 10 to 20 (you must write [] chars)#默认用户10-20([]中字符必须写)
27 p plugins
#插件程序
28 vp only vulnerable plugins
#仅漏洞插件程序 29 ap all plugins (can take a long time)
#所有插件程序(耗时比较长) 30 tt timthumbs #小号 31 t themes#主题 32 vt only vulnerable themes #仅漏洞主题 33 at all themes (can take a long time) #所有主题 34 Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugi #多值参数
35 If no option is supplied, the default is "vt,tt,u,vp" 无参默认 37 --exclude-content-based "<regexp or string>" 38 Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied. 39 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double). 40 --config-file | -c <config file> Use the specified config file, see the example.conf.json.配置文佳 41 --user-agent | -a <User-Agent> Use the specified User-Agent.指定用户代理 42 --cookie <String> String to read cookies from.cookie字符串读取 43 --random-agent | -r Use a random User-Agent.代理 44 --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not跟踪重定向目标网址 45 --batch Never ask for user input, use the default behaviour.不请求用户输入使用默认 46 --no-color Do not use colors in the output.不在输出中使用颜色 47 --wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. 48 Subdirectories are allowed. WPScan尝试通过扫描索引页面来查找内容目录(即wp-content),但是您可以指定它。允许使用子目录。 49 --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. 50 If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed ame比--wp-content-dir但是对于plugins目录。 如果没有提供,WPScan将使用wp-content-dir / plugins。 允许子目录 51 --proxy <[protocol://]host:port> Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. 52 If no protocol is given (format host:port), HTTP will be used. 53 --proxy-auth <username:password> Supply the proxy login credentials. 提供代理登陆凭证 54 --basic-auth <username:password> Set the HTTP Basic authentication.
设置HTTP基本认证
55 --wordlist | -w <wordlist> Supply a wordlist for the password brute forcer.为暴力密码破解指定密码字典
56 --username | -U <username> Only brute force the supplied username.指定暴力破解用户 57 --usernames <path-to-file> Only brute force the usernames from the file. 仅从密码字典中暴力破解用户名 58 --threads | -t <number of threads> The number of threads to use when multi-threading requests.多线程指定线程数 59 --cache-ttl <cache-ttl> Typhoeus cache TTL. 60 --request-timeout <request-timeout> Request Timeout. 请求时间间隔 61 --connect-timeout <connect-timeout> Connect Timeout. 连接时间间隔 62 --max-threads <max-threads> Maximum Threads. 最大线程数 63 --throttle <milliseconds> Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.在执行另一个Web请求之前等待的毫秒数。 如果使用,则--threads应设置为1。 64 --help | -h This help screen. 65 --verbose | -v Verbose output. 66 --version Output the current version and exit. 67 68 69 Examples : 70 帮助 71 -Further help ... 72 ruby ./wpscan.rb --help 73 做“非侵入性”检查 74 -Do 'non-intrusive' checks ... 75 ruby ./wpscan.rb --url www.example.com 76 使用50个线程对枚举的用户做单词列表密码蛮力… 77 -Do wordlist password brute force on enumerated users using 50 threads ... 78 ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50 79 做单词表密码蛮力上的“管理员”用户名只… 80 -Do wordlist password brute force on the 'admin' username only ... 81 ruby ./wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin 82 枚举安装的插件… 83 -Enumerate installed plugins ... 84 ruby ./wpscan.rb --url www.example.com --enumerate p 85 枚举安装的主题 86 -Enumerate installed themes ... 87 ruby ./wpscan.rb --url www.example.com --enumerate t 88 枚举用户 89 -Enumerate users ... 90 ruby ./wpscan.rb --url www.example.com --enumerate u 91 枚举安装的TimTrBBS 92 -Enumerate installed timthumbs ... 93 ruby ./wpscan.rb --url www.example.com --enumerate tt 94 使用HTTP代理 95 -Use a HTTP proxy ... 96 ruby ./wpscan.rb --url www.example.com --proxy 127.0.0.1:8118 97 使用SoCKS5代理 98 -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed) 99 ruby ./wpscan.rb --url www.example.com --proxy socks5://127.0.0.1:9000100 使用自定义内容目录 101 -Use custom content directory ... 102 ruby ./wpscan.rb -u www.example.com --wp-content-dir custom-content103 使用自定义插件目录 104 -Use custom plugins directory ... 105 ruby ./wpscan.rb -u www.example.com --wp-plugins-dir wp-content/custom-plugins 106 更新数据库 107 -Update the DB ... 108 ruby ./wpscan.rb --update 109 调试输出 110 -Debug output ... 111 ruby ./wpscan.rb --url www.example.com --debug-output 2>debug.log 112 113 See README for further information.
2.对配置好的靶机进行扫描
wpscan -u 192.168.64.138 /wpscan --url 192.168.64.138命令详解:对目标地址进行扫描
1 root@kali:~# wpscan -u 192.168.64.138 2 _______________________________________________________________ 3 __ _______ _____ 4 \ \ / / __ \ / ____| 5 \ \ /\ / /| |__) | (___ ___ __ _ _ __ 6 \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ 7 \ /\ / | | ____) | (__| (_| | | | | 8 \/ \/ |_| |_____/ \___|\__,_|_| |_| 9 10 WordPress Security Scanner by the WPScan Team 11 Version 2.9.1 12 Sponsored by Sucuri - https://sucuri.net 13 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_ 14 _______________________________________________________________ 15 16 [+] URL: http://192.168.64.138/ 17 [+] Started: Fri Aug 17 23:20:05 2018 18 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/" 21 [+] Interesting header: SERVER: Apache 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php 23 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20) 25 [!] 25 vulnerabilities identified from the version number 26 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset 28 Reference: https://wpvulndb.com/vulnerabilities/8807 29 Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html 30 Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html 31 Reference: https://core.trac.wordpress.org/ticket/25239 32 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295 33 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation 35 Reference: https://wpvulndb.com/vulnerabilities/8815 36 Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 37 Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/ 38 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066 39 [i] Fixed in: 4.7.5 40 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC 42 Reference: https://wpvulndb.com/vulnerabilities/8816 43 Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/ 44 Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381 45 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062 46 [i] Fixed in: 4.7.5 47 对具有漏洞的脚本进行扫描···· 286 287 [+] Finished: Fri Aug 17 23:20:10 2018 288 [+] Requests Done: 50 289 [+] Memory used: 50.062 MB 使用内存 290 [+] Elapsed time: 00:00:04 耗时
3.通过漏洞插件扫描用户wpscan -u 192.168.64.138 -e u vp命令详解 -e使用枚举方式 u 扫描ID1-ID10 vp扫描漏洞插件
1 root@kali:~# wpscan -u 192.168.64.138 -e u vp 2 _______________________________________________________________ 3 __ _______ _____ 4 \ \ / / __ \ / ____| 5 \ \ /\ / /| |__) | (___ ___ __ _ _ __ 6 \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ 7 \ /\ / | | ____) | (__| (_| | | | | 8 \/ \/ |_| |_____/ \___|\__,_|_| |_| 9 10 WordPress Security Scanner by the WPScan Team 11 Version 2.9.1 12 Sponsored by Sucuri - https://sucuri.net 13 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_ 14 _______________________________________________________________ 15 16 [+] URL: http://192.168.64.138/ 17 [+] Started: Fri Aug 17 23:30:12 2018 18 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/" 21 [+] Interesting header: SERVER: Apache 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php 23 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20) 25 [!] 25 vulnerabilities identified from the version number 26 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset 28 Reference: https://wpvulndb.com/vulnerabilities/8807 29 Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html 30 Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html 31 Reference: https://core.trac.wordpress.org/ticket/25239 32 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295 33 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation 35 Reference: https://wpvulndb.com/vulnerabilities/8815 36 Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 37 Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/ 38 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066 39 [i] Fixed in: 4.7.5 40 41 [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC 42 Reference: https://wpvulndb.com/vulnerabilities/8816 43 Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/ 44 Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381 45 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062 46 [i] Fixed in: 4.7.5 47 286 287 [+] Enumerating usernames ... 288 [+] Identified the following 1 user/s: 289 +----+-------+-----------------+ 290 | Id | Login | Name | 291 +----+-------+-----------------+ 292 | 1 | admin | admin – TurnKey | 293 +----+-------+-----------------+ 294 [!] Default first WordPress username 'admin' is still used 295 296 [+] Finished: Fri Aug 17 23:30:17 2018 297 [+] Requests Done: 64 298 [+] Memory used: 52.52 MB 299 [+] Elapsed time: 00:00:04
3.使用密码字典对用户进行爆破
wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt
命令详解: -e枚举方式 u 用户ID1-ID10 --wordlist使用指定字典进行密码爆破 /root/wordlist.txt 字典路径及字典文件 wordlist.txt字典文件需自己准备或使用kali自带字典
1 root@kali:~# wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt 2 _______________________________________________________________ 3 __ _______ _____ 4 \ \ / / __ \ / ____| 5 \ \ /\ / /| |__) | (___ ___ __ _ _ __ 6 \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ 7 \ /\ / | | ____) | (__| (_| | | | | 8 \/ \/ |_| |_____/ \___|\__,_|_| |_| 9 10 WordPress Security Scanner by the WPScan Team 11 Version 2.9.1 12 Sponsored by Sucuri - https://sucuri.net 13 @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_ 14 _______________________________________________________________ 15 16 [+] URL: http://192.168.64.138/ 17 [+] Started: Fri Aug 17 23:37:59 2018 18 19 [!] The WordPress 'http://192.168.64.138/readme.html' file exists exposing a version number 20 [+] Interesting header: LINK: <http://192.168.64.138/index.php/wp-json/>; rel="https://api.w.org/" 21 [+] Interesting header: SERVER: Apache 22 [+] XML-RPC Interface available under: http://192.168.64.138/xmlrpc.php 23 24 [+] WordPress version 4.7.4 identified from advanced fingerprinting (Released on 2017-04-20) 25 [!] 25 vulnerabilities identified from the version number 26 27 [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset 28 Reference: https://wpvulndb.com/vulnerabilities/8807 29 Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html 30 Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html 31 Reference: https://core.trac.wordpress.org/ticket/25239 32 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295 33 34 [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation 35 Reference: https://wpvulndb.com/vulnerabilities/8815 36 Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11 37 Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/ 38 Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066 39 [i] Fixed in: 4.7.5 282 [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection 283 Reference: https://wpvulndb.com/vulnerabilities/8198 284 Reference: http://z9.io/2015/09/25/wp-super-cache-1-4-5/ 285 [i] Fixed in: 1.4.5 286 287 [+] Enumerating usernames ... 288 [+] Identified the following 1 user/s: 289 +----+-------+-----------------+ 290 | Id | Login | Name | 291 +----+-------+-----------------+ 292 | 1 | admin | admin – TurnKey | 293 +----+-------+-----------------+ 294 [!] Default first WordPress username 'admin' is still used 295 [+] Starting the password brute forcer 296 [+] [SUCCESS] Login : admin Password : Root******** 297 298 Brute Forcing 'admin' Time: 00:00:00 <===== > (2 / 3) 66.66% ETA: 00:00:00 299 +----+-------+-----------------+------------------+ 300 | Id | Login | Name | Password | 301 +----+-------+-----------------+------------------+ 302 | 1 | admin | admin – TurnKey | Root********* | 303 +----+-------+-----------------+------------------+ 304 305 [+] Finished: Fri Aug 17 23:38:06 2018 306 [+] Requests Done: 72 307 [+] Memory used: 53.016 MB 308 [+] Elapsed time: 00:00:06
4.其他常用命令
wpscan -u 192.168.64.138 -e u --wordlist /root/wordlist.txt -t 50
-e枚举方式 u 用户ID1-ID10 --wordlist使用指定字典进行密码爆破 /root/wordlist.txt 字典路径及字典文件 wordlist.txt字典文件需自己准备或使用kali自带字典 -t 指定50个线程数
此文为本人学习实践后所写,转载请注明出处
本文博客地址 https://www.cnblogs.com/WangYiqiang/p/9490869.html
因本人在带学校智能汽车竞赛,写文精力实属有限,请读者多多包涵
若本文有错误或者不足之处,请读者批评指正
如果喜欢本文请点击【推荐】
【IT电子书资源强力推荐,各类图书免费下载】
电子书网页制作 | CSS教程 | javascript电子书 | ASP电子书 | PHP电子书 | .NET电子书 | 编程开发 | 网络安全 | ajax 电子书 | VBS电子书 | 站长书籍 | hta电子书 | 数据库XML | 正则表达式 | 图形图像 | 网络相关 | 电脑技术 | 电脑报刊 | 电脑硬件 | 随书源码 | 服务器 | Linux_unix | dos批处理 | VBA |
数据库xmlsqlserver | Oracle | mysql | DB2 | xml | VFP | 数据库其它 |
软件开发程序基础 | VB 书籍 | Delphi | PowerBuilder | Flash/ActionScript | java电子书 | C/C++/C# | Android | IOS | Ruby教程 | perl | Python教程 | matlab | 汇编语言 | 编程其它 |
地址https://itbook.download/
转载于:https://www.cnblogs.com/WangYiqiang/p/9490869.html
WPScan扫描Wordpress漏洞相关推荐
- kali字典_kali黑客系统wpscan工具扫描wordpress漏洞入侵攻击测试教程
WPScan是Kali Linux默认自带的一款漏洞扫描工具,它采用Ruby编写,能够扫描WordPress网站中的多种安全漏洞,其中包括主题漏洞.插件漏洞和WordPress本身的漏洞.最新版本WP ...
- wpscan扫描的简单介绍(对WordPress的扫描CMS)
wpscan是专门用来扫描WordPress的扫描工具 可以对于wordpress进行漏洞扫描,还可以对于其中的主题,插件进行扫描.可以说用wpscan扫描WordPress是非常非常方便的 wpsc ...
- WordPress漏洞扫描工具WPScan
WordPress漏洞扫描工具WPScan WordPress是主流的PHP网站模版,以构建博客而闻名.WordPress可以通过安装插件和主题的方式扩展功能,这也带来的安全隐患.WordPress是 ...
- Wordpress漏洞利用WPscan使用
WordPress是一个开源的内容管理系统(CMS),在全球范围内使用比较广泛,当遇到一个WP站点时可以首先用WPscan进行扫描收集信息 WPscan WPScan是Kali Linux默认自带的一 ...
- Wordpress漏洞,WPScan使用完整攻略
转载https://blog.csdn.net/m0_37438418/article/details/81109660 爆路径方法: 1.http://www.chouwazi.com/wp-adm ...
- wordpress漏洞_用软件工具扫描WordPress / Shopify主题恶意代码以及漏洞分析相关工具...
Shopify的主题模板相对于其他WordPress市场的主题,价格偏高,很多卖家选择免费的去授权或者卖家使用后下载后的主题,那么这么就会有不法恶意人士向代码里面加入恶意代码或者制造一些主题漏洞后面, ...
- Wordpress漏洞
爆路径方法: 1.http://www.chouwazi.com/wp-admin/includes/admin.php 2.http://www.chouwazi.com/wp-content/pl ...
- wordpress漏洞_WordPress XSS漏洞可能导致远程执行代码(RCE)
原作者: Ziyahan Albeniz 在2019年3月13日,专注于静态代码分析软件的RIPS科技公司发布了他们在所有版本的WordPress 5.1.1中发现的跨站点脚本(XSS)漏洞的详细信息 ...
- 您需要了解的WordPress漏洞以及如何修复它们
by Joel S. Syder 乔尔·赛德(Joel S.Syder) 您需要了解的WordPress漏洞以及如何修复它们 (WordPress vulnerabilities you need t ...
最新文章
- 数据库9:联结表 高级联结 组合查询 全文本搜索
- spring框架_一篇文章带你理解Spring框架
- 发布订阅之direct
- 关于SpringMvc中js和图片路径正确但是不能加载的问题
- 计算机技术知识字,计算机基础知识
- 工控软件图形界面-控件实现(圆形仪表控件三)(zz)
- mysql for update死锁_Mysql 数据库死锁过程分析(select for update)
- python 联机_CoderZh首款Python联机对战游戏 - NancyTetris1.0倾情发布(一)
- python xml第三方库_我应该使用哪个python XML库?
- string函数使用---复制子字符串(含substr用法)
- BetaFlight模块设计之十三:Gyro过滤任务分析
- 机器学习(一) 贝叶斯法则与概念学习
- Datawhale 202210 Excel | 第九、十章 Excel数据可视化
- CISCO banner MOTD, Login的区别
- 招募,IT 技术界的伯乐和千里马
- 西门子1214 PID/通信模板 西门子PLC 1214和多台G120西门子变频器Modbud RTU通讯
- UE 创建c++class报错Unhandled Exception: EXCEPTION_ACCESS_VIOLATION reading address 0xffffffffff
- 费马小定理、威尔逊定理
- 【15】processing-三角函数(中文)
- NodeJS微信公众平台开发