ajax °²È«¶ÁÊé±Ê¼Ç
1.ÅÖ¿Í»§¶ËµÄ²¿Êð·½°¸
java web start
.net clickonce
2.ÈëÇÖ˼·
HTTPÊý¾ÝµÄ¼Ç¼->·¢ÏÖajax¿ÉÄÜ´æÔÚÎÊÌâµÄµã->ÈƹýjavascriptµÄһЩÏÞÖƺÍÆƽâjavascript»ìÏý´úÂë->ÕÒµ½jsonµÄsql×¢Èëµã->ÕÒµ½ajax¿ÉÒÔÌí¼Ó¹ÜÀíÔ±µÄ»Øµ÷º¯ÊýºÍjsonÏà¹Ø
3.sql×¢ÈëС¼¼ÇÉ
union select name from sysobjects where xtype='U'Ö»ÒªµÃµ½ÏàͬµÄ×Ö¶Î
4.¿Í»§¶ËÈ¡ÏûcookieÈÏÖ¤²»ÊDZ£Ö¤ÁË°²È«£¬¶øÊÇ°ÑÍþвÓÖÎÞÐÎÀ©´óÁË
5.ajax¹¥»÷²ãÃæ°üÀ¨ÁË´«Í³µÄWEB©¶´+WEB SERIVCES©¶´¡£
6. ±¨Í·ÖпÉÄÜ´æÔÚΣÏÕµÄ×¢Èë
7.RSS×¢Èë(Íⲿ×ÊÁÏ¿ÉÒԲο¼ black hat 2006ÄêRobert Auger
http://www.cgisecurity.com/papers/RSS-Security.pptµÄÎÄÕÂ)
8.jsonµÄ©¶´±ØÐëÒªÑéÖ¤ÐòÁл¯Êý¾Ý(Íⲿ²Î¿¼×ÊÁÏblack hat 2005 Attack web Services: The next Generation of vulneralbe enterprise appsÏÂÔصØÖ·http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-stamos.pdf
ºÍHackInTheBoxµÄpentesting java/j2ee)
9.douglas·ÀÓùJsonµÄeval×¢Èë
Ïà¹ØÎĵµ£º
ÔÚ ASP .NET µÄ AJAX ¿Ø¼þÖÐ TabContainer µÄ CSS ÑùʽµÄ±àд¾ßÓÐÒ»¶¨µÄ¸ñʽ¹æ·¶¼°ÃüÃû¹æÔò£¬ÈçÏÂͼ£º
¾ßÌåµÄ CSS ÑùʽµÄ±àдΪ£º
.ajax_tab_menu .ajax__tab_header /*ÕûÌå°´Å¥µ×Ñùʽ*/
{
font-family:ËÎÌå;
height:29px;
font-size:12px;
background:#181c1f repeat-x bottom;
}
.ajax_tab_menu .ajax__tab ......
Ò»¸öajaxÇëÇóÒ»¸öjspÎļþ£¬²Ù×÷³É¹¦,jspÎļþout.println("1");µ«ÊÇÿ´Î³É¹¦ºóxmlHttp.responseText=='1'×ÜÊÇΪfalse£¬
ÓÃencodeURIComponent¿´xmlHttp.responseText£¬·¢ÏÖ×îºó¶àÁË%0A%0D£¬°Ù¶ÈһϠÓÃÀ´ÊÇ»»ÐУ¬
jspÎļþÖеÄout.println……°ÑlnÈ¥µôÔÙ´Î±È½Ï ³É¹¦ = =¡ ......
ͨ¹ýjQuery·¢ËÍajaxÇëÇó£¬ÎÞÂÛÊÇget·½Ê½»¹ÊÇpost·½Ê½£¬µ±Ç°ºóÁ½´ÎÇëÇóµÄ²ÎÊýÍêÈ«Ò»Ñùʱ£¬ä¯ÀÀÆ÷¾ÍÓпÉÄܵ÷Óûº´æÀïµÄÊý¾Ý£¬×îÖ±½ÓµÄ½á¹û¾ÍÊÇÔì³ÉÓÐЩ²Ù×÷ûÓÐÉúЧµÄ¼ÙÏó¡£ÕâÖÖÇé¿ö£¬ÎÒÃÇÓ¦¸Ãͨ¹ýÏÂÃæÕâ¸ö¼¼ÇÉÀ´±ÜÃâä¯ÀÀÆ÷µ÷Óûº´æÀïµÄÄÚÈÝ¡£
ÏÈÕûÀíÏÂ˼·£¬ä¯ÀÀÆ÷Ö®ËùÒÔµ÷Óûº´æÀïµÄÄÚÈÝ£¬×îÖ÷ÒªµÄÒ»µãÊÇÅж¨ÏÖÔÚÒª·ÃÎʵÄÄ ......
ÈçºÎÔÚ¿Í»§¶ËÖ±½Óµ÷ÓÃWebServiceÖеķ½·¨£¿
ÕâÀï½áºÏ¾Ñé×Ô¼ºÐ´Ò»Ð´
1.Ê×ÏÈн¨Ò»¸ö ASP.NET AJAX-Enabled Web Site,ÕâÑùϵͳΪÎÒÃÇ×Ô¶¯ÅäÖúÃÁË»·¾³£¬ÕâÖ÷ÒªÌåÏÖÔÚWeb.configÕâ¸öÎļþÉÏ£¬Èç¹ûÒÑÓÐÍøÕ¾²»ÊÇASP.NET AJAX-Enabled Web SiteÒ²¿ÉÒÔ¶ÔÕÕÐÞ¸ÄÏÂWeb.config£¬Ò²¿ÉÒÔ´ïµ½ÏàͬµÄЧ¹û¡£
2.н¨Ò»¸öweb·þÎñ£¬WebSer ......
