asp.net ÍøÕ¾°²È«½â¾ö·½°¸

      1¡¢sql×¢È멶´¡£
  
   ½â¾ö°ì·¨£ºÊ¹Óô洢¹ý³Ì£¬²ÎÊý²»ÒªÓÃ×Ö·û´®Æ´½Ó¡£¼òµ¥¸Ä½ø°ì·¨£ºÊ¹ÓÃSqlHelperºÍOledbHelper
  
   2¡¢¿çÕ¾½Å±¾Â©¶´
  
   ½â¾ö°ì·¨£º“ĬÈϽûÖ¹£¬ÏÔʽÔÊÐ픵IJßÂÔ¡£¾ßÌå²Î¿¼£º´Ó¿Í»§¶Ë¼ì²âµ½ÓÐDZÔÚΣÏÕµÄRequest.FormÖµ£¬½ûÖ¹Ìá½»html±ê¼Ç£¨<>µÈ±»×ªÒå³É<£©
  
   3¡¢ÉÏ´«Â©¶´
  
   ½â¾ö°ì·¨£º½ûÖ¹ÉÏ´«Ä¿Â¼µÄÔËÐÐȨÏÞ¡£Ö»¸ø¶ÁȡȨÏÞ¡£ÁíÍâÒª½ûÖ¹ÉÏ´«·Ç·¨ÀàÐÍÎļþ¡£²»½ö½öÊÇaspxÀàÐÍ£¬°üÀ¨ºÜ¶à£¬ÉõÖÁhtm¡¢htmlÀàÐÍÎļþÒ²²»Ó¦¸ÃÖ±½ÓÉÏ´«±£´æ¡£
  
   4¡¢Êý¾Ý¿âÁ¬½ÓÕʺţ¬¾¡Á¿Ê¹ÓÃ×îµÍȨÏÞµÄÕʺš£Ò»¶¨²»Òª¸ø¹ÜÀíԱȨÏÞ¡£
  
   ¼ÙÈç±»ºÚ¿ÍµÃÖªÁËÊý¾Ý¿âµÄÃÜÂë¡£
   ÄÇÎÒÃǾͿÉÒÔÖ´ÐÐÈÎÒâϵͳÃüÁîÁË¡£
   ÀýÈ磺xp_cmdshell 'dir c:\'
   ÁíÍ⻹ÓÐ
   tasklist
   taskkill
   pslist
   pskill
   net user
   net user guest /active:yes
   net user hack hack /add
   net user hack /del
   net localgruop administrators hack /add
   query user
   logoff 1
   ÕâЩÃüÁîÊDz»ÊǺֲܿÀ£¿ºÇºÇ¡£ËùÒÔÒ»¶¨²»Òª¸øwebÊý¾Ý¿âÁ¬½ÓÕʺŹÜÀíȨÏÞ¡£
  
   5¡¢Óû§µÇ¼¡£ÕâÀï²»Òª°ÑÓû§±êʶÃ÷ÎÄ´æ´¢ÔÚcookieÀÒÔÓÃÀ´±êʶÓû§ÊÇ·ñµÇ¼¡£ÒòΪcookieÊÇ¿ÉÒÔ±»Ð޸ĵġ£Çë¿´ÕâÀïµÄÐÞ¸Äcookie£¬Ã°³äÆäËûÓû§¡£nc httpwatchʹÓÃÊÓƵ½Ì³Ì£¬ÓÃ΢ÈíµÄForms´°ÌåÉí·ÝÑéÖ¤ºÍ½ÇÉ«Ò»°ãÇé¿ö¶¼¹»ÓÃÁË¡£
  
   6¡¢Èç¹ûÍøÕ¾³ÌÐòÖÐÓõ½¶ÁдÎļþ£¬Ò»¶¨ÒªÉ÷ÖØ£¬ÒòΪ¶ÁÈ¡µÄ²Ù×÷ºÜ¿ÉÄܱ»ºÚ¿ÍÀûÓã¬ÀýÈçÓÃÒ»¸ö²é¿´Í¼Æ¬µÄaspxÎļþ¶ÁÈ¡web.config£¬ÓÃÒ»¸öÉú²úÄ£°åµÄ¹¦ÄÜÉú³ÉľÂí¡£
  
   7¡¢³ä·ÖÀûÓÃÑéÖ¤Âë¡£Óû§µÇ¼¡¢ÆÀÂ۵ȵȿÉÄܻᱻÌá½»À¬»øÐÅÏ¢µÄµØ·½£¬¶¼ÒªÊ¹ÓÃÑéÖ¤Â룬¶øÇÒÒªÓÐÒ»¸ö°²È«µÄÑéÖ¤Âë¡£²ÅÄÜ·ÀÖ¹±»±©Á¦Æƽ⣬·ÀÖ¹ÍøÕ¾³äÂúÀ¬»øÊý¾Ý¡£
  
   8¡¢´úÂëÒªÑϽ÷£¬ÐÞ¸ÄÓû§×ÊÁÏ¡¢ÐÞ¸ÄÓû§Êý¾Ý¶¼Òª¸úÓû§¹ØÁªÆðÀ´£¬±ÈÈçupd