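Procrastination
Author: 黑海洋 Date: 2010-03-10
How procrastination forms
1. A person believes they can finish a task within 5 days, so with 15 days left before the deadline they feel no urgency at all, and only start when just 5 days remain.
2. This sense of urgency and anxiety often stirs up a person's fighting spirit, leading them to feel that they can only get into a working state when under pressure.
3. When the grade finally comes back, it is usually not too bad, which reinforces the belief that they work best in a short burst of high pressure right before the deadline, and keeps feeding self-suggestion about future behavior.
This part closely matches the experience of most Chinese students who have a habit of procrastinating. Because Chinese students are often very bright, they still do a decent job even when only a little time is left, and so come to believe that this is the working mode that suits them best. The cycle repeats over and over.
Other characteristics of procrastination
1. Lack of self-confidence. Because each task is completed below one's best ability, one's assessment of one's own ability gets lower and lower.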
Tags: Procrastination
Website traffic suddenly surged
Author: 黑海洋 Date: 2010-03-07
A product of boredom
Author: 黑海洋 Date: 2010-03-07
SqlMap, a tool from abroad
Author: 黑海洋 Date: 2010-03-06
sqlmap implements three techniques to exploit a SQL injection vulnerability:
Inferential blind SQL injection: sqlmap appends to the affected parameter in the HTTP request a syntactically valid SQL statement string containing a SELECT sub-statement, or any other SQL statement whose output the user wants to retrieve. For each HTTP response, by comparing it with the original request using HTML page content hashes or string matches, the tool determines the output value of the statement character by character. The bisection algorithm implemented in sqlmap to perform this technique is able to fetch each output character with at most seven HTTP requests. This is sqlmap's default SQL injection technique.
UNION query (inband) SQL injection, also known as Full UNION query SQL injection: sqlmap appends to the affected parameter in the HTTP request a syntactically valid SQL statement string starting with a UNION ALL SELECT. This technique is useful if the web application page passes the output of the SELECT statement to a for cycle, or similar, so that each line of the query output is printed on the page content. sqlmap is also able to exploit Partial UNION query SQL injection vulnerabilities, which occur when the output of the statement is not cycled in a for construct and only the first entry of the output is displayed. This technique is much faster if the target url is affected by because in a single HTTP response it returns the whole query output or an entry per each response within the page content. This SQL injection technique is an alternative to the first one.
Stacked queries support, also known as multiple statements support: sqlmap tests whether the web application supports stacked queries and, if it does, appends to the affected parameter in the HTTP request a semicolon (;) followed by the SQL statement to be executed. This technique is useful for running SQL statements other than SELECT, for instance data definition or data manipulation statements, possibly leading to file system read and write access and operating system command execution, depending on the underlying back-end database management system and the session user's privileges.
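All three techniques depend on the parameter value being parsed as part of the SQL text. The following added example (not from the original post and not sqlmap code) runs one constructed input per technique against a concatenated query and against a bound-parameter query in an in-memory SQLite database; the table contents and the names make_db, lookup_vulnerable, lookup_hardened and run are assumptions made for illustration.

```python
import sqlite3

# Constructed inputs, one per technique described above.
BOOL_TRUE, BOOL_FALSE = "1 AND 1=1", "1 AND 1=2"             # inferential blind
UNION_INPUT = "1 UNION ALL SELECT login, secret FROM users"  # UNION query
STACKED_INPUT = "1; DELETE FROM products"                    # stacked queries

def make_db():
    # Constructed sample data (hypothetical tables for this example only).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE users (login TEXT, secret TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO users VALUES ('admin', 's3cret-constructed');
    """)
    return db

def lookup_vulnerable(db, product_id):
    # Concatenation: the parameter value becomes part of the SQL text.
    sql = "SELECT id, name FROM products WHERE id = " + product_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, product_id):
    # Bound parameter: the value is compared as data, never parsed as SQL.
    sql = "SELECT id, name FROM products WHERE id = ?"
    return db.execute(sql, (product_id,)).fetchall()

def run(fn, db, value):
    # sqlite3's execute() accepts a single statement only, so the stacked
    # input is refused by the driver; an API that accepts several
    # statements would run it.
    try:
        return fn(db, value)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "rejected: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ("1", BOOL_TRUE, BOOL_FALSE, UNION_INPUT, STACKED_INPUT):
        print(repr(value))
        print("  vulnerable:", run(lookup_vulnerable, db, value))
        print("  hardened:  ", run(lookup_hardened, db, value))
```

With the concatenated query the true and false conditions produce different pages (the one-bit signal the inferential technique compares) and the UNION input returns rows from another table; with the bound parameter every non-numeric input returns no rows.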