Editor's recommendation:
This article comes from weixin. It introduces CRLF injection, block ciphers and stream ciphers, and other Internet security topics. We hope it is helpful to you.
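In today's Internet industry, with startups in particular springing up like bamboo shoots after rain, most companies pay too little attention to security, invest too little in it, or understand it too poorly.
The result: as long as there is no incident everyone is happy, and once something goes wrong everyone panics. Mending the fold after the sheep are lost is not our way out; preparing before the rain and preventing trouble before it happens is.
Recently I flipped through the book again and picked out some points that are easily overlooked, to refresh the #security# mindset for everyone and for myself.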
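Blacklists are a very bad design idea
Designing a security solution: the white hat's art of war
1 The Secure By Default principle
This is the basic principle of designing a security solution. The Chinese translation, "default security", is not easy to grasp; it really contains two ideas: the whitelist/blacklist idea, and the principle of least privilege.
Both are fairly clear from their names. What must be stressed here is "use whitelists as much as possible and blacklists as little as possible", which keeps the scope of what is secured under control and the privileges minimal.
Take the firewall policy for a web server: the correct approach is to open only ports 80 and 443 and block every other port. That is the "whitelist" approach. With a "blacklist", suppose the SSH port must not be exposed to the public network; the policy may then put only the default port 22 on the blacklist. All set, then? What actually happens is that an engineer, out of laziness or convenience, quietly changes the SSH listening port to 2222 and bypasses the blacklist policy. Caught off guard, right?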
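2 The Defense in Depth principle
Defense in Depth is also an important guiding idea when designing a security solution. It is like having not only JS field validation on the HTML form but validation on the server as well, so that input is filtered layer by layer. Because it is impossible to place every defensive measure at a single point, spreading the risk across layers and intercepting it at each one is a sound approach.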
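3 The principle of separating data from code
Most security problems caused by "injection" violate this principle. "SQL injection", for example, concatenates illegitimate user input into a statement and so performs an illegitimate database operation. The same goes for similar issues such as XSS and CRLF injection.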
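4 The unpredictability principle
This principle differs from the previous three: it looks at the problem more from the angle of defeating the attack method. Its beauty is that even if the code cannot be fixed to guarantee security, I can still make the attack method ineffective, or merely raise the bar for the attack, and either counts as a successful defense.
For example, suppose a forum's post IDs are auto-incrementing in ascending order. An attacker who wants to delete posts in bulk only needs a script with a simple incrementing loop. But if, following the "unpredictability" principle, post IDs are random, unpredictable values similar to a uuid, the bar for enumerating all post IDs is inevitably raised.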
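Insisting on consistent character encoding really is not only about things looking and running without garbled text
Character Encoding Consistency
Encoding problems

Nowadays Internet applications generally require every character encoding in the development environment to be UTF-8 (still using GBK? Then you are determined not to go international). For many people a unified encoding may only mean: no garbled text when opening the IDE, no garbled text in data passed between front end and back end, and so on. In fact, inconsistent character encodings can well lead to security problems!
In the GBK character set, 0xbf27 is not a valid multi-byte character. When it is parsed as single-byte characters, 0xbf27 becomes the two characters 0xbf (?) and 0x27 ('), whereas 0xbf5c is a valid Chinese character in the GBK character set (縗).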

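This vulnerability was discovered as early as 2006. It was discussed abroad for the case where the database character set is GBK: when escape characters are added before the data reaches the database, for example by the addslashes() function in PHP or by enabling magic_quotes_gpc, the added escape character causes this injection vulnerability.
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
Assume a users table, and the query is
select * from users
where username = '$input_username'
and password = '$input_password'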
The password the attacker enters is:
Because 0xbf27 is not a valid character, PHP addslashes() escaping inserts an escape character between bf and 27 (the ASCII code of "\" is 0x5c), and the result is 0xbf5c27.
And 0xbf5c happens to correspond to the GBK character (縗), so the SQL that reaches the database becomes
select * from users
where username = '$input_username'
and password = '縗' or '1'='1'
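The byte-level mechanics described above, as an added example that is not part of the original article. The function names are hypothetical, and `addslashes` here is a Python re-implementation of byte-wise escaping written for this illustration; it compares escaping before decoding with decoding strictly before escaping.

```python
def addslashes(raw: bytes) -> bytes:
    """Byte-wise escaping in the style of PHP addslashes(): no knowledge of the charset."""
    out = bytearray()
    for b in raw:
        if b == 0x00:
            out += b"\\0"
            continue
        if b in (0x27, 0x22, 0x5C):      # ' " \
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def unescaped_quotes(text: str) -> int:
    """Count single quotes that are not neutralised by a preceding backslash."""
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                        # backslash plus the character it escapes
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count

def as_seen_by_database(raw: bytes, charset: str) -> str:
    """Escape bytes first, then decode with the connection charset (the flawed order)."""
    return addslashes(raw).decode(charset, errors="replace")

def escape_charset_aware(raw: bytes, charset: str) -> str:
    """Decode strictly first, then escape characters; malformed input is rejected."""
    text = raw.decode(charset, errors="strict")
    return text.replace("\\", "\\\\").replace("'", "\\'")

PAGE_BYTES = b"\xbf\x27"                  # the 0xbf27 sequence discussed above

if __name__ == "__main__":
    for cs in ("latin-1", "gbk"):
        seen = as_seen_by_database(PAGE_BYTES, cs)
        print(cs, repr(seen), "unescaped quotes:", unescaped_quotes(seen))
    try:
        escape_charset_aware(PAGE_BYTES, "gbk")
    except UnicodeDecodeError as exc:
        print("rejected by strict decoding:", exc.reason)
```

Under a single-byte charset the quote stays escaped; under GBK the lead byte absorbs the backslash and the quote is live again, which is why the escaping layer and the database connection must agree on one encoding.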
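SQL column truncation attack
When designing variable-length columns, many people pick the length off the top of their head; if one day it turns out to be too short, well, just ALTER it to make it longer. But in reality there is a vulnerability here!
MySQL has a sql_mode option. When it is set to default, the STRICT_ALL_TABLES option is not enabled, and a user inserting an over-long value only gets a warning rather than an error exception. This can be used to carry out attacks such as unauthorized access.
WordPress had a real case of this: register a user whose name is "admin (55 spaces) x"; the value is truncated when it is stored in the database, so the database ends up with two records whose username is admin. Of course you can say the second record contains spaces and will not be matched by an equality query, so there is no problem. But what if a statement such as LIKE appears? Nobody dares to guarantee that.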
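CRLF injection
CR = carriage return (ASCII 13, \r, 0x0d). Its original meaning is that the cursor returns to the beginning of the current line; the r stands for return, and the control character can be written as CR, i.e. Carriage Return.
LF = line feed (ASCII 10, \n, 0x0a). Its original meaning is that the cursor moves down one line (not necessarily to the start of the next line); the n stands for newline, and the control character can be written as LF, i.e. Line Feed.
Before computers appeared, there was a device called the teleprinter (Teletype Model 33) that could print 10 characters per second. But it had a problem: after finishing a line, moving to the next line took 0.2 seconds, exactly the time needed to print two characters. If a new character arrived during those 0.2 seconds, that character was lost.
So the developers came up with a way to solve the problem: add two end-of-line characters after every line. One is called "carriage return" and tells the teleprinter to position the print head at the left margin; the other is called "line feed" and tells the teleprinter to move the paper down one line.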
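The first scenario described in the White Hat book is log file injection: with newline characters, forged log entries can be printed, but its practical value is fairly weak. The other scenario is more harmful: "HTTP header injection".
In the HTTP protocol, HTTP headers are separated by "\r\n". This kind of CRLF injection is also called "Http Response Splitting", and the name says it all: the response body is split apart, and the attacker injects their own code into the original page code after the split, achieving the attack.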
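The header-splitting effect described above and a whitelist check that prevents it, as an added example that is not part of the original article. The cookie name, the `lang` parameter, the function names and the sample input are all assumptions constructed for illustration.

```python
import re

LANG_ALLOWED = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z]{2})?")   # whitelist for the value

def build_response_unsafe(lang: str) -> bytes:
    """Flawed pattern: the request value is concatenated straight into a header line."""
    head = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            "Set-Cookie: lang=" + lang + "\r\n\r\n")
    return head.encode("latin-1") + b"<p>hello</p>"

def build_response_safe(lang: str) -> bytes:
    """Whitelist the value; CR and LF can never match, so no extra line can appear."""
    if not LANG_ALLOWED.fullmatch(lang):
        raise ValueError("rejected header value: %r" % lang)
    return build_response_unsafe(lang)

def parse_response(raw: bytes):
    """Split the way a client does: the headers end at the first empty line."""
    head, _, body = raw.partition(b"\r\n\r\n")
    names = [line.split(b":", 1)[0].decode("latin-1")
             for line in head.split(b"\r\n")[1:]]
    return names, body

def log_field(value: str) -> str:
    """Log-file scenario: make CR/LF visible instead of letting them start a new entry."""
    return value.replace("\r", "\\r").replace("\n", "\\n")

# Constructed input containing CR/LF sequences.
SAMPLE = "zh-CN\r\nX-Injected: 1\r\n\r\n<p>forged</p>"

if __name__ == "__main__":
    print(parse_response(build_response_unsafe(SAMPLE)))
    print(parse_response(build_response_safe("zh-CN")))
    print(log_field(SAMPLE))
```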

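Attacks on encryption algorithms
Common symmetric encryption algorithms fall into two kinds: block ciphers and stream ciphers.
Block ciphers operate on a "block"; depending on the algorithm, the block length may differ. Representative algorithms include DES, 3-DES, Blowfish, IDEA and AES.
Stream ciphers, by contrast, process only one byte at a time. The encrypting and decrypting sides use the same pseudo-random keystream, and generally the data is XORed bit by bit with the contents of a random codebook. Representatives include RC4, ORYX and SEAL.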
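1 Stream cipher attacks
Stream ciphers perform very well and are therefore very popular with developers. But the most common mistake in using a stream cipher is encrypting and decrypting many times with the same key. The attack that breaks stream ciphers this way is called the "Reused Key Attack"; with it, the attacker can recover the plaintext without knowing the key.
The basic principle can be understood through a simple derivation. Assume plaintext A, plaintext B and key C; XOR encryption can then be written as:
E(A) = A xor C
E(B) = B xor C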
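We know the ciphertext is certainly public, and we know that XORing two identical numbers gives 0, so we get:
E(A) xor E(B) = (A xor C) xor (B xor C) = A xor B xor C xor C = A xor B
That is:
This formula has four values, which means that knowing any three of them is enough to derive the remaining one. And the key C does not appear in the formula at all...
The attack principle is now clear: I first obtain, through a legitimate request, the ciphertext E(A) corresponding to plaintext A, then get another user's ciphertext E(B), and can easily work back to plaintext B.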
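The derivation above carried through on bytes, as an added example that is not part of the original article. The keystream generator is a toy stand-in built from SHA-256 for this illustration (it is not RC4 or any cipher the article names), and the key, nonces and sample records are constructed; the second call shows that a unique nonce per message breaks the relation.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 over key, nonce and a counter (illustration only)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """E(P) = P xor C, where C is the keystream for (key, nonce)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def recover_b(known_a: bytes, ct_a: bytes, ct_b: bytes) -> bytes:
    """B = E(A) xor E(B) xor A. Holds only if both messages used the same keystream."""
    return xor(xor(ct_a, ct_b), known_a)

# Constructed sample data (equal length so every byte of B is covered).
KEY = b"constructed-demo-key"
A = b"account=1001;plan=free"
B = b"account=2002;plan=paid"

def reuse_leaks() -> bool:
    """Same key and same nonce for both messages: the keystream cancels out."""
    return recover_b(A, encrypt(KEY, b"n0", A), encrypt(KEY, b"n0", B)) == B

def unique_nonce_leaks() -> bool:
    """A fresh nonce per message gives different keystreams, so nothing cancels."""
    return recover_b(A, encrypt(KEY, b"n1", A), encrypt(KEY, b"n2", B)) == B

if __name__ == "__main__":
    print("reused keystream recovers B:", reuse_leaks())
    print("unique nonce recovers B:", unique_nonce_leaks())
```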
ÓйØÁ÷ÃÜÂëµÄ¹¥»÷·½·¨»¹Óм¸ÖÖ£¬ÖîÈç Bit-flipping Attack£¬ ÈõËæ»ú IV ÎÊÌ⣬WEPÆÆ½âµÈµÈ¡£×ÜÖ®£¬ÕâÒ»Çж¼ÌáÐÑÎÒÃÇ£¬×÷Ϊ¿ª·¢ÕßÔÚʹÓÃÈκÎÒ»¸ö¼ÓÃÜËã·¨µÄʱºò£¬Ò»¶¨Òª½«ÆäÔÀíÑо¿Í¸³¹£¬·ñÔò×ÔÈÏΪµÄ"°²È«"¶¼¿ÉÄÜÂÙΪ±ðÈ˵ÄЦ±ú¡£
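2 The flaw of ECB mode
For block ciphers, besides the algorithm itself there are also some general encryption modes; the common ones are ECB, CBC, CFB, OFB, CTR and so on. If the encryption mode is attacked, then no matter how long the algorithm's key is, it may not be secure.
ECB mode (electronic codebook mode) is the simplest encryption mode. Each of its blocks is relatively independent of the others; the encryption process is shown in the figure: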

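The biggest problem of ECB mode lies precisely in the independence of the blocks: the attacker only needs to swap the ciphertext of any blocks, and after decryption the order of the resulting plaintext is swapped as well.
Here is an intuitive example that is easy to understand. Suppose that in some payment application the plaintext corresponding to the ciphertext submitted by the user is:
of which the first 16 bytes are:
This is exactly the length of one or two blocks, so the attacker only needs to use the ciphertext of "1.00" to replace the ciphertext of "10000.00", and the payment amount is forged from 10000 yuan to 1 yuan.
Note that the flaw of ECB mode is not a problem of any particular encryption algorithm; even with an algorithm as strong as AES-256, the problem cannot be avoided as long as ECB mode is used. Therefore, when the plaintext to be encrypted is longer than one block, ECB mode should be avoided.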
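The block independence of ECB described above, together with an integrity check that detects reordered blocks, as an added example that is not part of the original article. The block cipher is a toy 4-round Feistel construction written only for this illustration (not AES or any real cipher), and the order record, keys and function names are constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in range(4):                     # toy Feistel rounds, illustration only
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def dec_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def ecb(block_fn, key: bytes, data: bytes) -> bytes:
    """ECB: every 16-byte block is processed on its own, with no chaining."""
    return b"".join(block_fn(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    blocks = [ct[k:k + BLOCK] for k in range(0, len(ct), BLOCK)]
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)

def seal(enc_key: bytes, mac_key: bytes, pt: bytes) -> bytes:
    ct = ecb(enc_block, enc_key, pt)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()   # encrypt-then-MAC

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext blocks were modified or reordered")
    return ecb(dec_block, enc_key, ct)

# Constructed sample: three 16-byte fields of a made-up order record.
ORDER = b"pay_to=merchant1" + b"amount=000100.00" + b"refund=000001.00"
```

Decrypting `swap_blocks(ciphertext, 1, 2)` yields a well-formed record with the two amount fields exchanged, while `open_sealed` rejects the same reordering because the tag covers the whole ciphertext.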
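Some readers will say: from now on just use CBC, the cipher block chaining mode, and surely there will be no problem. Young friend, there is no such thing as an egg without a crack. In fact the "Padding Oracle Attack" against CBC mode appeared back in 2002, but attacking CBC really is much harder than attacking ECB; interested readers can look into it.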

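Conclusion
Internet security is a very big topic. The White Hat book divides it into four major parts: security worldview, client-side script security, server-side application security, and company security operations (business security). For those of us who work on the Internet, guarding security is a duty we cannot shirk.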