asp.net ÍøÕ¾°²È«½â¾ö·½°¸
1¡¢sql×¢È멶´¡£
½â¾ö°ì·¨£ºÊ¹Óô洢¹ý³Ì£¬²ÎÊý²»ÒªÓÃ×Ö·û´®Æ´½Ó¡£¼òµ¥¸Ä½ø°ì·¨£ºÊ¹ÓÃSqlHelperºÍOledbHelper
2¡¢¿çÕ¾½Å±¾Â©¶´
½â¾ö°ì·¨£º“ĬÈϽûÖ¹£¬ÏÔʽÔÊÐ픵IJßÂÔ¡£¾ßÌå²Î¿¼£º´Ó¿Í»§¶Ë¼ì²âµ½ÓÐDZÔÚΣÏÕµÄRequest.FormÖµ£¬½ûÖ¹Ìá½»html±ê¼Ç£¨<>µÈ±»×ªÒå³É<£©
3¡¢ÉÏ´«Â©¶´
½â¾ö°ì·¨£º½ûÖ¹ÉÏ´«Ä¿Â¼µÄÔËÐÐȨÏÞ¡£Ö»¸ø¶ÁȡȨÏÞ¡£ÁíÍâÒª½ûÖ¹ÉÏ´«·Ç·¨ÀàÐÍÎļþ¡£²»½ö½öÊÇaspxÀàÐÍ£¬°üÀ¨ºÜ¶à£¬ÉõÖÁhtm¡¢htmlÀàÐÍÎļþÒ²²»Ó¦¸ÃÖ±½ÓÉÏ´«±£´æ¡£
4¡¢Êý¾Ý¿âÁ¬½ÓÕʺţ¬¾¡Á¿Ê¹ÓÃ×îµÍȨÏÞµÄÕʺš£Ò»¶¨²»Òª¸ø¹ÜÀíԱȨÏÞ¡£
¼ÙÈç±»ºÚ¿ÍµÃÖªÁËÊý¾Ý¿âµÄÃÜÂë¡£
ÄÇÎÒÃǾͿÉÒÔÖ´ÐÐÈÎÒâϵͳÃüÁîÁË¡£
ÀýÈ磺xp_cmdshell 'dir c:\'
ÁíÍ⻹ÓÐ
tasklist
taskkill
pslist
pskill
net user
net user guest /active:yes
net user hack hack /add
net user hack /del
net localgruop administrators hack /add
query user
logoff 1
ÕâЩÃüÁîÊDz»ÊǺֲܿÀ£¿ºÇºÇ¡£ËùÒÔÒ»¶¨²»Òª¸øwebÊý¾Ý¿âÁ¬½ÓÕʺŹÜÀíȨÏÞ¡£
5¡¢Óû§µÇ¼¡£ÕâÀï²»Òª°ÑÓû§±êʶÃ÷ÎÄ´æ´¢ÔÚcookieÀÒÔÓÃÀ´±êʶÓû§ÊÇ·ñµÇ¼¡£ÒòΪcookieÊÇ¿ÉÒÔ±»Ð޸ĵġ£Çë¿´ÕâÀïµÄÐÞ¸Äcookie£¬Ã°³äÆäËûÓû§¡£nc httpwatchʹÓÃÊÓƵ½Ì³Ì£¬ÓÃ΢ÈíµÄForms´°ÌåÉí·ÝÑéÖ¤ºÍ½ÇÉ«Ò»°ãÇé¿ö¶¼¹»ÓÃÁË¡£
6¡¢Èç¹ûÍøÕ¾³ÌÐòÖÐÓõ½¶ÁдÎļþ£¬Ò»¶¨ÒªÉ÷ÖØ£¬ÒòΪ¶ÁÈ¡µÄ²Ù×÷ºÜ¿ÉÄܱ»ºÚ¿ÍÀûÓã¬ÀýÈçÓÃÒ»¸ö²é¿´Í¼Æ¬µÄaspxÎļþ¶ÁÈ¡web.config£¬ÓÃÒ»¸öÉú²úÄ£°åµÄ¹¦ÄÜÉú³ÉľÂí¡£
7¡¢³ä·ÖÀûÓÃÑéÖ¤Âë¡£Óû§µÇ¼¡¢ÆÀÂ۵ȵȿÉÄܻᱻÌá½»À¬»øÐÅÏ¢µÄµØ·½£¬¶¼ÒªÊ¹ÓÃÑéÖ¤Â룬¶øÇÒÒªÓÐÒ»¸ö°²È«µÄÑéÖ¤Âë¡£²ÅÄÜ·ÀÖ¹±»±©Á¦Æƽ⣬·ÀÖ¹ÍøÕ¾³äÂúÀ¬»øÊý¾Ý¡£
8¡¢´úÂëÒªÑϽ÷£¬ÐÞ¸ÄÓû§×ÊÁÏ¡¢ÐÞ¸ÄÓû§Êý¾Ý¶¼Òª¸úÓû§¹ØÁªÆðÀ´£¬±ÈÈçupd
Ïà¹ØÎĵµ£º
ÔÚWeb±à³Ì¹ý³ÌÖУ¬´æÔÚןܶలȫÒþ»¼¡£±ÈÈçÔÚÒÔÇ°µÄASP°æ±¾ÖУ¬CookieΪ·ÃÎÊÕߺͱà³ÌÕ߶¼ÌṩÁË·½±ã£¬²¢Ã»ÓÐÌṩ¼ÓÃܵŦÄÜ¡£´ò¿ªIEä¯ÀÀÆ÷£¬Ñ¡Ôñ“¹¤¾ß”²Ëµ¥ÀïµÄ“InternetÑ¡Ï¬È»ºóÔÚµ¯³öµÄ¶Ô»°¿òÀïµ¥»÷“ÉèÖÔ°´Å¥£¬Ñ¡Ôñ“²é¿´Îļþ”°´Å¥£¬ÔÚµ¯³öµÄ´°¿ÚÖУ¬¾Í»áÏÔʾӲÅÌÀï ......
web.config
<customErrors mode="On" defaultRedirect="ApplicationErroy.aspx" >
<error statusCode="403" redirect="403.htm"/>
<error statusCode="404" redirect="404.htm"/>
<error statusCode= ......
·Ï»°²»Ëµ£¬Ö±½Ó´úÂ벿·Ö´úÂëÕª³×ÔÍøÉÏ£¬ÔÚ´ËÏëÔ×÷Õß±íʾ¸Ðл
1¡¢·þÎñ¶Ë uploadFile.ashx
<%@ WebHandler Language="VB" Class="UploadFile" %>
Imports System
Imports System.Web
Imports System.Web.HttpServerUtility
Imports System.IO
Imports System.Web.HttpRequest
Public Class UploadFile : Impl ......
ÉèÖÃ×é¼þ
<configSections>
<section name="rewriter" requirePermission="false" type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter"/>
</configSections>
ÉèÖÃÄ£¿é
<httpModules>
&n ......
Asp.Net¹¹¼Ü(HttpÇëÇó´¦ÀíÁ÷³Ì) - Part.1
ÒýÑÔ
ÎÒ²éÔĹý²»ÉÙAsp.NetµÄÊé¼®£¬·¢ÏÖ´ó¶àÊý×÷Õ߶¼ÊÇÕ¾ÔÚÒ»¸ö±È½Ï¸ßµÄ²ã´ÎÉϽ²½âAsp.Net¡£ËûÃÇÄÍÐÄ¡¢Ï¸ÖµظæËßÄãÈçºÎÒ»²½²½ÍϷſؼþ¡¢ÉèÖÿؼþÊôÐÔ¡¢±àдCodeBehind´úÂ룬ÒÔʵÏÖij¸öÌض¨µÄ¹¦ÄÜ¡£
ÕâÖÖ×ö·¨£¬Êµ¼ÊÉÏÊǻشðÁË“ÈçºÎÈ¥×ö”µÄÎÊÌ⣬ȴûÓлشð“ÎªÊ ......