5. Brute force and credential stuffing to get into the admin backend
Whether it is the user login on the front end or the admin entry point on the backend, brute force is still a method that burns time and wordlists, but there is some chance of getting in, heh.
By comparison, though, the information gathered during perimeter reconnaissance may well get us into the backend with far less effort. Credential stuffing: you may only have obtained a fragment of sensitive information, but with leaked databases flying around everywhere online these days, stuff those credentials and search the dumps, and the password may just turn up; that is much faster than brute force.
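The two patterns described above look very different in a login log, and that difference is what a defender keys on: brute force is many failures against one account from one source, while credential stuffing is single failures spread over many accounts from one source. The following is an added example, not code from the original notes; the log format is a constructed, simplified `<ip> <username> <result>` line, and both thresholds are illustrative assumptions.

```python
"""Flag brute-force and credential-stuffing patterns in login logs.

Added example, not from the original notes. The log format is a
constructed, simplified one: "<ip> <username> <result>" per line, where
result is "ok" or "fail". Both thresholds are illustrative assumptions.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.5 hammers one account (brute force);
# 198.51.100.7 tries many different accounts once each (credential
# stuffing) and eventually succeeds on one; 192.0.2.9 is a normal user.
SAMPLE_LOG = """\
10.0.0.5 admin fail
10.0.0.5 admin fail
10.0.0.5 admin fail
10.0.0.5 admin fail
10.0.0.5 admin fail
10.0.0.5 admin fail
198.51.100.7 alice fail
198.51.100.7 bob fail
198.51.100.7 carol fail
198.51.100.7 dave fail
198.51.100.7 erin fail
198.51.100.7 frank ok
192.0.2.9 alice fail
192.0.2.9 alice ok
"""

BRUTE_FORCE_FAILS = 5         # assumed: failures on one account from one IP
STUFFING_DISTINCT_USERS = 5   # assumed: distinct accounts failed from one IP


def parse_log(text):
    """Yield (ip, user, success) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ip, user, result = parts
        yield ip, user, result == "ok"


def classify_sources(text):
    """Return {ip: label} for sources whose login pattern looks automated.

    "brute_force": many failures against a single account.
    "credential_stuffing": failures spread over many different accounts.
    """
    fails_per_pair = defaultdict(int)   # (ip, user) -> failed attempts
    failed_users = defaultdict(set)     # ip -> accounts with >= 1 failure
    for ip, user, ok in parse_log(text):
        if not ok:
            fails_per_pair[(ip, user)] += 1
            failed_users[ip].add(user)

    findings = {}
    for (ip, _user), count in fails_per_pair.items():
        if count >= BRUTE_FORCE_FAILS:
            findings[ip] = "brute_force"
    for ip, users in failed_users.items():
        if len(users) >= STUFFING_DISTINCT_USERS and ip not in findings:
            findings[ip] = "credential_stuffing"
    return findings


def successes_from_flagged(text):
    """(ip, user) pairs that logged in successfully from a flagged source:
    these accounts need a password reset, not just a rate limit."""
    flagged = classify_sources(text)
    return {(ip, user) for ip, user, ok in parse_log(text)
            if ok and ip in flagged}


if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {label}")
    for ip, user in sorted(successes_from_flagged(SAMPLE_LOG)):
        print(f"review account {user!r}: successful login from flagged {ip}")
```

The second function is the part that matters after the fact: a stuffing run that ends in a single `ok` line means a reused password worked, so that account is treated as compromised rather than merely attacked.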
6. Weak passwords
The most common, the most dangerous, and the most easily taken lightly.
7. Problems caused by middleware misconfiguration
① IIS write vulnerability (not common any more)
(the usual tool: "老兵")
② Directory browsing enabled
*8. Problems caused by file-name parsing in the operating system and middleware
Apache: test.php.xx; IIS: test.asp;.jpg; Windows: .asp. and asp□ (trailing dot or trailing space)
Not a deep topic; watch for it in file upload.
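The three cases above are all the same defect from the defender's side: the upload handler and the web server disagree on what the file's extension is. An upload check therefore has to canonicalise the name the way each parser would before deciding. The following is an added example, not code from the original notes; the allowlist of extensions and the set of executable extensions are assumptions to be adapted to the application.

```python
"""Validate an uploaded file name against web-server parsing quirks.

Added example, not from the original notes. It encodes the cases listed
there: Apache honouring an inner extension in "test.php.xx", IIS 6
truncating "test.asp;.jpg" at the semicolon, and Windows dropping a
trailing "." or space from "test.asp." / "test.asp ". The allowlist and
the executable-extension set are assumed policy, not a complete list.
"""
import re

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}           # assumed
EXECUTABLE_EXTENSIONS = {"php", "phtml", "asp", "aspx", "jsp"}       # assumed
SAFE_BASE = re.compile(r"^[A-Za-z0-9_-]+$")


def normalize_windows(name):
    """Strip trailing dots/spaces the way Win32 does, so "a.asp." -> "a.asp"."""
    return name.rstrip(". ")


def check_upload_name(name):
    """Return (accepted, reason).

    Rejects any name that one of the listed parsers could treat as
    executable, then accepts only <base>.<allowed-extension>.
    """
    # 1. Path separators and NUL never belong in a bare file name.
    if any(ch in name for ch in "/\\\x00"):
        return False, "path separator or NUL in name"
    # 2. Windows silently drops trailing dots/spaces; judge the canonical
    #    form rather than the string the client sent.
    if normalize_windows(name) != name:
        return False, "trailing dot or space (Windows truncation)"
    # 3. IIS 6 stops at ';', so 'x.asp;.jpg' is served as x.asp.
    if ";" in name:
        return False, "semicolon (IIS truncation)"
    # 4. 'test.php.xx' carries two extensions; Apache may act on either.
    parts = name.lower().split(".")
    if len(parts) != 2:
        return False, "exactly one extension required"
    base, ext = parts
    if not base or not SAFE_BASE.match(base):
        return False, "base name has unexpected characters"
    if ext in EXECUTABLE_EXTENSIONS:
        return False, "executable extension"
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["photo.jpg", "test.php.xx", "test.asp;.jpg",
                      "test.asp.", "test.asp ", ".htaccess"]:
        print(f"{candidate!r:16} -> {check_upload_name(candidate)}")
```

The name check is only the first layer: storing the file under a server-generated name and serving the upload directory with script execution disabled removes the parsing question altogether, because nothing the client chose ever reaches the file system.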
9. A series of problems caused by PHP
① ../../etc/passwd, going deep directly ② Directory traversal caused by PHP
③ Remote file inclusion caused by PHP (a Google search can also be used directly)
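All three items above are the same root cause: a client-supplied string reaches a file-system or include call. The two standard fixes are containment (resolve the path and refuse anything that lands outside the intended directory) and, better, an allowlist in which the client supplies a key rather than a path. The following is an added example, not code from the original notes; `resolve_under`, `pick_include`, `INCLUDE_ALLOWLIST` and the file names in it are illustrative assumptions.

```python
"""Contain user-supplied file references under a fixed base directory.

Added example, not from the original notes. resolve_under() is the check
that stops "../../etc/passwd"-style traversal; pick_include() is the
allowlist pattern that removes file inclusion as a class, since the
request names a key, not a path. Directory and key names are assumed.
"""
import os
import tempfile

# Assumed: page key -> template file. Anything not listed is rejected.
INCLUDE_ALLOWLIST = {"home": "home.html", "about": "about.html"}


def resolve_under(base_dir, user_path):
    """Return the absolute target if it stays inside base_dir, else None.

    realpath collapses "..", "./", doubled slashes and symlinks before the
    containment test, so the comparison is on what the OS would open.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    try:
        # commonpath compares path components, not string prefixes, so
        # "/srv/files_evil" is not mistaken for being inside "/srv/files".
        inside = os.path.commonpath([base, target]) == base
    except ValueError:          # e.g. different drives on Windows
        inside = False
    return target if inside else None


def pick_include(key):
    """Allowlisted include: the client never supplies a path at all."""
    return INCLUDE_ALLOWLIST.get(key)


def is_remote(value):
    """True for the 'scheme://host/...' shapes remote inclusion relies on."""
    return "://" in value


def demo():
    """Exercise the checks against a throwaway directory; returns results."""
    base = tempfile.mkdtemp()
    real_base = os.path.realpath(base)
    sibling = "../" + os.path.basename(real_base) + "_evil/x.txt"
    return {
        "traversal_blocked": resolve_under(base, "../../etc/passwd") is None,
        "absolute_blocked": resolve_under(base, "/etc/passwd") is None,
        "sibling_blocked": resolve_under(base, sibling) is None,
        "inside_ok": resolve_under(base, "sub/../report.txt")
                     == os.path.join(real_base, "report.txt"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
    print("include 'home' ->", pick_include("home"))
    print("include '../../etc/passwd' ->", pick_include("../../etc/passwd"))
```

Note that `os.path.join` discards the base when the user part is absolute, which is exactly why the check is made on the resolved result rather than on the input string; the `sibling_blocked` case shows why a plain `startswith` on the base path would be insufficient.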
0x02 Tai Chi: the middle layer between the perimeter and the interior (the application)
Explanation of the moves
Tai Chi: strong against the strong, weak against the weak; it is all the application's doing.
I. When the user is not logged in
1. Injection
There are far too many types of injection, and all sorts of ways to exploit them.
① SQL injection in a page's database calls; usually straight to 穿山甲 (Pangolin) or sqlmap to dump the databases and tables, then used to get into the backend or to leak user information. (Check whether the list of DBs is complete; the site's structure database can be used directly.)
② "Universal password" SQL injection, to get into the front-end application or the backend admin.
③ The site having no injection does not mean you cannot go deeper; try the neighbouring sites on the same server (旁注), heh. Only the process is different.
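The "universal password" in ② works only when the login query is assembled from the submitted text, so that a quote in the username changes the query's structure. The following added example (not code from the original notes) puts the string-built query next to its parameterized form against an in-memory SQLite table, so the same input can be seen to bypass one and fail against the other; the table, its single user and the sample input are constructed for the demo.

```python
"""Login query built by string formatting vs. a parameterized query.

Added example, not from the original notes. Uses an in-memory SQLite
table with one constructed user so both code paths run offline.
"""
import hashlib
import sqlite3


def hash_pw(pw):
    """Demo only: a real system uses a salted, slow hash (bcrypt/argon2)."""
    return hashlib.sha256(pw.encode()).hexdigest()


def make_db():
    """Constructed table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin", hash_pw("correct horse")))
    return conn


def login_vulnerable(conn, name, pw):
    """The 'before' form: the query text is assembled from user input.

    A username such as  admin' OR '1'='1  closes the literal and adds a
    clause that is always true, so the password check is bypassed.
    """
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND pw_hash = '%s'"
           % (name, hash_pw(pw)))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, name, pw):
    """Parameterized form: the driver passes values separately from the
    statement, so the input is only ever compared as data."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND pw_hash = ?",
        (name, hash_pw(pw)),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    crafted = "admin' OR '1'='1"
    print("vulnerable, crafted name :", login_vulnerable(db, crafted, "x"))
    print("parameterized, same input:", login_safe(db, crafted, "x"))
    print("parameterized, real creds:", login_safe(db, "admin", "correct horse"))
```

In the vulnerable path the resulting statement reads `name = 'admin' OR '1'='1' AND pw_hash = '...'`, and because `AND` binds tighter than `OR`, the `name = 'admin'` match alone is enough. In the parameterized path the whole crafted string is looked up as a username, no such row exists, and the count is zero.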
2. XSS
XSS does not have many types, stored and reflected, but when it comes to exploitation the only limit is what you can think of, not what you can do.
Anything unrelated to going deeper is left out.
① Blind XSS against the backend, mostly when every other method of getting into the backend has come to nothing. Limited odds.
② XSS DDoS.