?????????????????????
?????????? ???????[ 2010/2/20 16:55:23 ] ????????
??????????????????????????????????????????????????????????????????????????????????У??????????????????
1:??б??????????
?????????
?????????????????????????????
??????????
С???????
????????????
?????????????
??????????
?????Χ
??????????????
??????????????????
2:?????????????
?????????
????????????????????????????棬?????????url???????????????????????????????????????
??????????????????????????????????URL??????????????????????????????????????????
3:???????????????
??????Grid??Label??Tree view????????δ???????????????????html????????????
4:????????XSS??
???????????????????????????????????з???????????????????????????????
?????????
•HTML?????<??>??</??>
•????????&(&)??<(<)??>(>)?? (???) ??
•????????
<scr??pt language=??javascr??pt??>
??Alert(????)
</scr??pt>
•??????????? ?? < > /
•С???????
•????????????
5:?????????
??м?????????
????view??source??http?????????????
??????????????????????? *****?? ??????????????????????????????
6:???????
????????????????????棬???????sql??????
Select * from table A where username?????? + username+???? and pass word ??.
Sql ????
?? or 1??1 ?D?D
??????????κ?password???й?????
7:?????????????
??????????????????????????????????????????????????????????????????????????????????
8:???????洢
??????????б???????????????????????????е????????????????????б?????????????????????????????????????????
????????棺?????????????????GET????????????????????POST??
9:???????
??????????????????????????????????????????????ó??????????????????????????????????????
10:??????????ù???
??????Config?е??????????????????????????????洢???????????????
????????????????????е??????????????в???????????y??????????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com