????????治????SQL INJECTION????????????????????URL??????http://www.xxx.com/news.asp?id=1and 1=1????http://www.xxx.com/news.asp?id=1and 1=2

???????????η???????????????η???????????????????????news.asp???????SQL INJECTION????????ò???????????????????????????

?????? ?????????????????????????

????????

?????????????????????upload.asp?????????????書???????????п???????????????????????????????????????????????????????????????????????????????????????????????

?????????

?????????asp??php??jsp??cgi???????????????????

????????

??????????http://www.xxx.com/download/filespath.asp?path=../abc.zip

??????????????????

????http://www.xxx.com/download/filespath.asp?path=../conn.asp

????????????????Щasp??????????λ?ü????????????????

???????????к?????????????

?????? COOKIES?????

????????

????COOKIES??WEB?????????????COOKIES?????б????????????÷???????????????????????????????????????????á??????????????????COOKIES???????SESSION????????????????????SESSIONЧ????????????????????????????????????????????COOKIES????????????????????WEB?????????????????????LEADBBS????к????COOKIES??????????λ??????COOKIES????????ID????????????????????????

?????????

??????????MYBROWER???????????????????COOKIES???????????????????λ?á?

?????? ??????????????

????????

????Action???????????????????????WEB??????????????????????????????A??B??C??D?????VALUE??100??80??60??40??

??????????????Щ?????HTML?????????????????????????VALUE????????ACTION????ACTION??????????

?????????

?????????????????????汣????????????ü??±??????????????VALUE??????????????????

??????????????????????棬???????????л??????檔???????????????index.html????????????????檔??????????б????Щ?????????????????????????????

????????????????????????????????????????????????????????????????????????????δ????????????κ???????? ?? ???????δ???Щ??????? ??<????">"????????????????????????????????????????????????????????????????????JS?????????????????????

?????????????????????????????????????????????????????2000??XP??2003???й?????????????MS?????????????