????HTTPЭ??
????HTTP??????web??????????web???????????Э???????????????????????.???HTTP?淶????????????.
??????ο???????????
????HTTP????????????????????????.?????????????????????????????????????????????????????????.HTTP?????Э?飬???????????????????????????.???????£?web??????????????TCP/80.??????????????????????http://pentesterlab.com/??????????????????????pentesterlab.com?????ip??80???.??????????????????????????.?????????????????????????????:
????·                    HTTP????
????????÷????????????????е?????????
????·                    ???
?????????????????????????????
????·                    ?汾???
???????????????????????汾??HTTPЭ??
????·                    ???????????????
??????Щ??????????????????????????汾??????????????(?????????????…)..
????·                    ????????
????????HTTP??????????в???????
??????????????http://vulnerable/index.php??????????HTTP????
GET /index.php HTTP/1.1
Host: vulnerable
User-Agent: Mozilla Firefox
????????
????????
?????к???HTTP????:
????·                    GET????
????????????????????????????
????·                    POST????
????POST??????????????????????????????????????????????????.
????·                    HEAD????
????HEAD??????GET???????????????????server????????.HEAD??????????????????????????????.web???????????????и???????????????????????????????????????????????.
?????????????????HTTP????:PUT??DELETE??PATCH??TRACE??OPTIONS??CONNECT…
????????
????????????????????????????.??????????????????http://vulnerable/article.php?id=1&name=2
??????????????????????web??????:
????POST?????????????????????????????????????е?.?????????:
<html>
[...]
<body>
<form action="/login.php" method="POST">
Username: <input type="text" name="username"/> <br/>
Password: <input type="password" name="password"/> <br/>
<input type="submit" value="Submit">
</form>
</body>
</html>
???????HTML????????????????:

?????????????????????????
????username??'admin'
????password??'Password123'.
?????????????????????????????????:
POST /login.php HTTP/1.1
Host: vulnerable
User-Agent: Mozilla Firefox
Content-Length: 35

username=admin&password=Password123
???????<form??????????GET????????????????????????????:
GET /login.php?username=admin&password=Password123 HTTP/1.1
Host: vulnerable
User-Agent: Mozilla Firefox
???????form???????????enctype="multipart/form-data"???????????????????????.
POST /upload/example1.php HTTP/1.1
Host: vulnerable
Content-Length: 305
User-Agent: Mozilla/5.0 [...] AppleWebKit
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfLW6oGspQZKVxZjA

------WebKitFormBoundaryfLW6oGspQZKVxZjA
Content-Disposition: form-data; name="image"; filename="myfile.html"
Content-Type: text/html

My file
------WebKitFormBoundaryfLW6oGspQZKVxZjA
Content-Disposition: form-data; name="send"

Send file
------WebKitFormBoundaryfLW6oGspQZKVxZjA--
?????????????????????????Content-type??????:Content-Type:
multipart/form-data; boundary=----WebKitFormBoundaryfLW6oGspQZKVxZjA.
????“WebKit”?????????webkit??????????У??????????????????????????????????.??????????ü??????????????.??????????????????滹?????–?????.?????????????????????????????????.
?????????:myfile.html
??????????:image
???????????:text/html
???????????:my file
?????????????鵱????????????(????hash???????????????????????????).?????????/index.php?id[1]=0??????????0??????.
????????????????Щ?齨????????????????????.????????????????:user[name]=louis&user[group]=1????????User???????User?????????????name??louis?????????group??????1.????????????????.?????????????????????????б?????????????????????????????????.????????????????У?????????????user[admin]=1???????У????????????admin???.