脚本入侵详解（Script intrusion detail）.docVIP

脚本入侵详解（Script intrusion detail） Article entry: 7747.Net responsibility editor: 7747.Net 115 [font: small big] What is a script? Scripting is a synonym for all web programming languages 2. what is a scripting invasion? Scripting intrusion refers to the use of web programming language for intrusion behavior 3. what to learn script invasion? Now let me ask you a question: do you think its easier to invade a website, or to get a server than to invade a personal computer, such as a XP system? Difficulty: 1 firewall blocks the path of system intrusion The pervasive presence of 2 scripting vulnerabilities 3 network security personnel security awareness is not strong 4. script vulnerability classification, there are a few aspects 1 library violent vulnerability 2 file upload vulnerability 3sql injection 4 cross site scripting (css/xss) 5 web Trojan 6 fixed vulnerability attack 5., generally speaking, script intrusion technology (or vulnerability) 1 mancang. Burst the database and download it directly because the database contains the administrators account and password 2SQL injection. Website program variable filtering is not strict, so that we can do database query operations, you can find the administrator password. 3 upload. The site is not uploaded properly, so we can upload what we want to upload. Cross site 4. Construction of cross site administrator COOKIES statement, or steal the horse 5 vulnerability. For example, IIS write holes and some overflow holes 6 notes. This server is not available. We can take a server with it as a virtual host, and then use the jump to invade the target 7 sniffing. The power of sniffing is powerful. We want to invade a server that can invade a machine on the same network segment and then get what we want by sniffing it 8google hacking. Using the search engine for intrusion 9cookie spoofing. The cookie of the construction manager is validated 10 social engineering. This is not to say more. 6. learn the script intrusion technology 1 uses l