搜尋此網誌

2016/9/28

[python]設定timezone及取時間

我的python有點弱找了一陣子,感覺最簡單的方式算是這樣使用了
筆記一下
import pytz, datetime

tz=pytz.timezone('Asia/Taipei')
dt=datetime.datetime.now(tz)
print dt.strftime("%b %d %H:")
http://strftime.org/
如果要

CodeMeaningExample
%aWeekday as locale’s abbreviated name.Mon
%AWeekday as locale’s full name.Monday
%wWeekday as a decimal number, where 0 is Sunday and 6 is Saturday.1
%dDay of the month as a zero-padded decimal number.30
%-dDay of the month as a decimal number. (Platform specific)30
%bMonth as locale’s abbreviated name.Sep
%BMonth as locale’s full name.September
%mMonth as a zero-padded decimal number.09
%-mMonth as a decimal number. (Platform specific)9
%yYear without century as a zero-padded decimal number.13
%YYear with century as a decimal number.2013
%HHour (24-hour clock) as a zero-padded decimal number.07
%-HHour (24-hour clock) as a decimal number. (Platform specific)7
%IHour (12-hour clock) as a zero-padded decimal number.07
%-IHour (12-hour clock) as a decimal number. (Platform specific)7
%pLocale’s equivalent of either AM or PM.AM
%MMinute as a zero-padded decimal number.06
%-MMinute as a decimal number. (Platform specific)6
%SSecond as a zero-padded decimal number.05
%-SSecond as a decimal number. (Platform specific)5
%fMicrosecond as a decimal number, zero-padded on the left.000000
%zUTC offset in the form +HHMM or -HHMM (empty string if the the object is naive).
%ZTime zone name (empty string if the object is naive).
%jDay of the year as a zero-padded decimal number.273
%-jDay of the year as a decimal number. (Platform specific)273
%UWeek number of the year (Sunday as the first day of the week) as a zero padded decimal number. All days in a new year preceding the first Sunday are considered to be in week 0.39
%WWeek number of the year (Monday as the first day of the week) as a decimal number. All days in a new year preceding the first Monday are considered to be in week 0.39
%cLocale’s appropriate date and time representation.Mon Sep 30 07:06:05 2013
%xLocale’s appropriate date representation.09/30/13
%XLocale’s appropriate time representation.07:06:05
%%A literal '%' character.%
張貼者: 沒有留言:
標籤: , ,

[資安]CVE-2016-6662 mysql、mariadb

都忘記發文了,
主要是CVE-2016-6662這個漏洞,最先公告的地方是這網站
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt
簡中版
http://bobao.360.cn/learning/detail/3027.html
影響範圍
MySQL  <= 5.7.14       Remote Root Code Execution / Privilege Escalation (0day)
   5.6.32
    5.5.51

MySQL clones are also affected, including:

MariaDB
PerconaDB 
但底下的III. INTRODUCTION寫了
The vulnerability affects all MySQL servers in default configuration in all 
version branches (5.7, 5.6, and 5.5) including the latest versions, and could 
be exploited by both local and remote attackers. 
Both the authenticated access to MySQL database (via network connection or web 
interfaces such as phpMyAdmin) and SQL Injection could be used as exploitation 
vectors.

看起來是全系列都受影響,但測試舊版的rhel6 mysql、rhel5 mysql發現並無my.cnf內沒有mysqld_safe的相關設定,所以只影響到新版包含使用mysql source code fork出去的資料庫

基本上漏洞使用的方式就是分2種
1、有帳號
使用此漏洞可以修改my.cnf,可以控制my.cnf
2、沒帳號
使用trigger,讓mysql在flush時觸發後提權帳號,再控制my.cnf

暫態解法
https://www.psce.com/blog/2016/09/12/how-to-quickly-patch-mysql-server-against-cve-2016-6662/
https://dev.mysql.com/doc/refman/5.5/en/mysqld-safe.html#option_mysqld_safe_malloc-lib
https://github.com/percona/percona-server/commit/c14be53e029442f576cced1fb8ff96b58e89f2e0#diff-144aa2f11374843c969d96b7b84247eaR261
暫時性可以用的解法在mysql官方還沒正式更新前,就是用github裡的方式,指定可以載入lib的目錄,非這些目錄的不可以載入


http://bobao.360.cn/learning/detail/3026.html
http://www.ithome.com.tw/news/108454
http://avfisher.win/archives/tag/mysql
http://legalhackers.com/exploits/0ldSQL_MySQL_RCE_exploit.py
張貼者: 沒有留言:
標籤: , ,

[分享]南港推拿~ "奕霖損傷整復"

自從工作後,運動時間越來越短受傷機率越來越大
到了台北後,腳扭傷了也不知道去那看又怕治不好囧
在偶然之間,找到了一間還不錯的醫生,離租屋處又近
傷了近十年的大拇指,就在這裡一次處理好了~(噴淚
收費方式是看藥布大小而定~~
推薦給大家
真的很不錯,整個球隊、公司打球的朋友、朋友的朋友也都來這裡看了~~超棒的
喔,對了,腰傷的話,通常要帶X光片去給奕霖,要不然可能不會推喔



張貼者: 沒有留言:
標籤: , , , , , , , , , , ,

2016/9/7

[php]資安的東西

PHP Security Cheat Sheet
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
the Month of PHP Security
http://blog.php-security.org/index.html

https://github.com/OWASP/phpsec/blob/master/README.md
Security in PHP - 那些在滲透測試的小技巧
http://www.slideshare.net/p8361/php-15004638
張貼者: 沒有留言:
標籤: , ,
訂閱: 文章 (Atom)