?????????????????????Web????????????????????????????????????????????????????????????????????????????????????????????????????Щ???????????????????????????£????????????????????????????????????Щ??????????????????????????в????????????????????????????????????????Щ???????????????????????????????п???????????????????????????????????????????????????Щ?????????????????????????????Щ?????????????????????????????Щ???飬????????а?????
????????????μ???????????????????????????????????????漸???????SQL???????????????????????????????????楨IIS?????/??????????????????й???
????1?????????輰????
??????Щ????????????????????????????????????????????????????????????????????Щ??????????????????????????????????
????????????????????????IP?????DNS?????????汾?????IP?ε????????????÷????У?
????1??????????????????
????2??Ping?????????IP?????TTL???????
????3??Tcptraceroute??Traceroute ??????
????4??Whois?????
????5??Netcraft???????????????????Web?????????????
????6??Curl??????Web?????????
????7??Nmap????????ж????貢?ж???????????
????8??Google??Yahoo??Baidu????????????????????
????9??FWtester ??Hping3 ???????з???????????
????10????????
??????????????????????????????????????????????????????????????????????????????????????????÷????????????漸???
????1??????????????????????????м?飻
????2????????ISS??Nessus?????????????蹤??????????裻
????3??????SolarWinds???????豸??????????????
????4??????Nikto??Webinspect???????Web?????????????裻
????5????????AppDetectiv?????????????????????????????
????6????Web?????????y??з?????
????7??????WebProxy??SPIKEProxy??Webscarab??ParosProxy??Absinthe???????з?????
????8????Ethereal???Э????????
????9????Webscan??Fuzzer????SQL????XSS?????????????
????10????????SQL????XSS?????
????11??????????OScanner?????????????з?????
????12??????????豸??????????????????????????????????????е?????????????????????????MetasploitFramework ???????ó??????
????13???????????????????Web?????????????B/S??C/S??????????ó?????????????й?????
????14???????????????п??????????? X-Scan??Brutus??Hydra???????????
????????????????????????????????????????????????????????????????????£??????????????????С????÷???
????1?????????????????????????????????????????????????????????????????????????????????п?????????
????2???????????????????????????? L0phtCrack??John the Ripper??Cain ???
?????????Щ????????????裬??????????????????Щ??????????????????????????????????????????????????????????????????????
????2??SQL???????????????
????1??SQL????壺
????SQL?????????????????й???????????????????B/S?????????????????????????д??ó???????????????????????????????????????β???????????????????д??????????ж?????????????????????ж?????ó???????????????????????????????????????????????????????Щ???????????????????ν??SQL Injection????SQL???
????SQL???????????????????????????????п?????С?????????????’?????汨???????????????????·???????????????????????????Web.Config??CustomErrors????????????????

????????Sql??????????????????????????????????????????????о???????????????????Sql??????У????????????е???????????????????????????????????????
??????HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestD ... type='U' and status>0)>0 ??????????????????????????????????б??????abc.asp??????????????????????????????????跢????????xyz????
??????HTTP://xxx.xxx.xxx/abc.asp?p=YY and (select top 1 name from TestDB.dbo.sysobjects& ... tatus>0 and name not in('xyz'))>0 ??????????????????????????????????????y????????????