Ajax security reading notes
1. Fat-client deployment schemes
Java Web Start
.NET ClickOnce
2. Intrusion approach
Record the HTTP traffic -> find the points where the Ajax calls may be vulnerable -> bypass the client-side JavaScript restrictions and decode the obfuscated JavaScript -> find SQL injection points in the JSON requests -> find the Ajax callback functions and JSON endpoints that can add an administrator
3. SQL injection tip
union select name from sysobjects where xtype='U' (SQL Server catalog; xtype='U' lists the user tables). The only requirement is that the UNION part returns the same number of columns as the original query.
4. Removing cookie-based authentication on the client side does not make the application safer; it quietly widens the threat.
5. The Ajax attack surface includes the traditional web vulnerabilities plus the web-services vulnerabilities.
6. HTTP headers may also be dangerous injection points.
7. RSS injection (external reference: Robert Auger, Black Hat 2006, http://www.cgisecurity.com/papers/RSS-Security.ppt)
8. JSON vulnerabilities: serialized data must be validated before it is consumed (external references: Black Hat 2005, "Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps", http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-stamos.pdf, and the HackInTheBox talk on pentesting Java/J2EE)
9. Douglas Crockford's defense against JSON eval injection
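As an added example for points 8 and 9 (not from these notes, and not Crockford's own library code): three ways of turning an Ajax responseText into an object, run under Node.js. The regex gate in crockfordGuardedParse is my transcription of the filter in the parse() of Crockford's json.js/json2.js, not the library itself; GOOD and EVIL are constructed inputs standing in for a server response.

```javascript
// Added example, not from the original notes.
// Three ways an Ajax client can turn responseText into an object,
// and what each one does when the text is not pure JSON.

// 1. What early Ajax code did: run the response as JavaScript.
//    Whatever the server (or an injector upstream of it) puts in the
//    text executes in the page with the user's privileges.
function unsafeEvalParse(text) {
  return eval('(' + text + ')');
}

// 2. Crockford's defence (my transcription of the json.js/json2.js gate):
//    erase every token that is legal JSON and only eval if nothing but
//    structural characters survives. JSON is a tiny subset of JavaScript,
//    so anything left over is code, not data.
function crockfordGuardedParse(text) {
  const stripped = text
    .replace(/\\["\\\/bfnrtu]/g, '@')                 // escape sequences
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']') // strings, literals, numbers
    .replace(/(?:^|:|,)(?:\s*\[)+/g, '');             // array openers
  if (!/^[\],:{}\s]*$/.test(stripped)) {
    throw new SyntaxError('response is not pure JSON; refusing to eval');
  }
  return eval('(' + text + ')');
}

// 3. What to do today: a real parser, no code execution at all.
function safeParse(text) {
  return JSON.parse(text);
}

// Constructed inputs (hypothetical responses, not captured traffic).
const GOOD = '{"user":"alice","admin":false}';
// Valid JavaScript that looks like a JSON object; the comma expression
// runs a side effect before yielding "alice".
const EVIL = '{"user":(globalThis.pwned = true, "alice"),"admin":false}';

// Run one parser on one input and report whether injected code executed.
function demo(parser, text) {
  globalThis.pwned = false;
  let value;
  let error = null;
  try {
    value = parser(text);
  } catch (e) {
    error = e.constructor.name;
  }
  return { value, error, codeRan: globalThis.pwned === true };
}

function runAll() {
  return {
    evalGood: demo(unsafeEvalParse, GOOD),
    evalEvil: demo(unsafeEvalParse, EVIL),           // codeRan: true
    guardedGood: demo(crockfordGuardedParse, GOOD),
    guardedEvil: demo(crockfordGuardedParse, EVIL),  // SyntaxError, codeRan: false
    parseGood: demo(safeParse, GOOD),
    parseEvil: demo(safeParse, EVIL),                // SyntaxError, codeRan: false
  };
}

console.log(JSON.stringify(runAll(), null, 1));
```

Run with node. The gate works because the stripping leaves only brackets, colons and commas for any text that is really JSON; the parenthesis, dot and assignment in EVIL survive, so the text never reaches eval. JSON.parse, present in every browser since IE8, makes the whole question moot and is the right answer today.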
Related documents:
Many people who use AJAX to fetch content from another site get a "permission denied" error in JS. This is a restriction of the XMLHTTP component: for security reasons
it refuses access to sites outside the same domain. The example below accesses http://www.google.cn,
<script type="text/javascript">
function createobj() {
if (window.ActiveXObject) {
......
// JS code
function checkname() {
var Msg = document.getElementById("d_username");
var chk = CheckN();
if (chk) {
$.ajax({ url: 'registerOK.aspx',
......
Uploading files with Ajax without a page refresh is a popular feature at the moment. With jQuery's powerful plugins it has become easy.
First include the JS file jquery.ajaxfileupload.js. The plugin works by creating an iframe and a form in the document and then submitting the file to the server through them.
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head ......
An Ajax request to a JSP file: the operation succeeds and the JSP does out.println("1"), but after every success xmlHttp.responseText=='1' is always false.
Looking at xmlHttp.responseText through encodeURIComponent showed an extra %0A%0D at the end; a Baidu search said it is a line break,
from the out.println in the JSP... Removed the ln and compared again: success = =! ......