ÊÖÍ·Ö»ÓÐDW
ÐÞ¸ÄASP³ÌÐò£¬²»ÖªµÀÔõôµ÷ÊÔ¡£
¾ÍÏñJSÖеÄalert£¨£©ÕâÑùµÄµ÷ÊԾͿÉÒÔ¡£
ÔõôÔÚASP³ÌÐòÖÐÊä³ö¹ý³Ì±äÁ¿µÄÖµ£¿
û·¢Ïֵĺõķ½·¨£¬²»¹ýÊä³öjavascriptÒ²Ðа¡
VBScript code:
response.write("<script>alert('alert word')</script>")
Ò»°ã¶¼ÊÇÀàËÆ2Â¥µÄ·½Ê½À´ÊµÏÖ£¬²»¹ý¿ÉÒÔ×öÒ»¸öº¯Êý¿â¡£×öÀàËƵĺ¯Êý
sub msg(s_str)
response.write(" <script>alert('"&s_str&"') </script>")
end sub
ÓÉÓÚ¶ÔÒ³ÃæʹÓÃÁËα¾²Ì¬
²¢ÇÒ¶ÔID½øÐÐÁ˼ÓÃÜ¡£
Ö÷Òª´úÂëÈçÏ£º
httpd.ini
RewriteRule /List-([0-9,a-z]*).html /List.asp\?ComId=$1 [N,I]
³ÌÐò´úÂë
AΪ¼ÓÃÜ£¬BΪ½âÃܺ¯Êý
<a href=&q ......
½¨ÁËÒ»¸öÕ¾µã£¬ÀïÃæÓÐ login.aspx. events.aspx µÈµÈ ÆäËûµÄÒ³Ãæ¡£
µ«ÊÇÎÒµ÷ÊÔ ÆäËûÒ³ÃæµÄʱºò£¬±Ä³öÀ´µÄ×ÜÊÇ login.aspx Ò³Ãæ¡£
¸Õѧasp ÇëÖ¸½Ì
ÄãÉèÖÃÆðʼҳÁË°É¡£¡£
¶÷ÔõôȡÏûÄØ£¿
Òªµ ......
