1. ?????????

(1) ?????????

1) ????????????????Щ??????????????????

2) ???A??????е??????B?????????в????????????session??????????????

3???????A??????????????????棬???B??????????????URL?????

(2) ?????????

1?? ?????е????????棬???????????????????з???

2????????A??B??C????棬???????????A??C?


2. URL???????

??1?????÷?Χ?? URL?к??в???????????GET????????HTTP????

??2??????GET?????

HTTP ?????????????????????????????????????? GET ?? POST??

GET????????????URL?????????????URL?п??????????????????ж???????

http://pay.daily.taobao.net/mysub/subdeal/order_sub_deal.htm?servId=2

POST??????????????HTML HEADER????????????URL?п?????

GET????????????????????????POST??????????????????GET??

??3??????????

1?? URL ??????飺

A:  ??URL?в???????????????

?磺URL?е????????????????????????????????????????

B:  ?????Щ????????????????????URL?????????

?磺?????????????????????????????? ??

2?? URL????????

???URL?е????????????????????

?磺????????URL?????????planId??????????????????

http://pay.daily.taobao.net/mysub/plan/subplan/confirmSubPlanInfo.htm?planId=878

???磺????URL?а??????????????????????????????????????????2??????1???????????????????????????????????????

3?? URL?в?????????XSS???

   ????XSS??

XSS???????Cross Site Script???????????

XSS??????????????н?????URL???????????????????У??????JavaScript???????