1.跨網域限制
2.跨網站指令碼
3.SQL/OS 命令植入攻擊
$sql = "SELECT * From table where number = ".$_GET['id'].";";
利用 mysql_wscape_string()、splite_escape_string()
4.密碼檔案管理
資料庫
MySQL
PHP $A = mysql_escape_string($_GET['A']);
Perl $A =~ s/'/"/g; or $A =~ s/\\/\\\/g;
PGSQL
PHP $A = psgl_escape_string($_GET['A']);
Perl $A =~ s/'/"/g; orf $A =~ /\\/\\\/g;
SQLite $A = splite_escape_string($_GET['A']);
系統
Linux
PHP $A = escapeshellarg($A); system($A);
Perl $A =~ s/'/\\'/; system("echo '$A'");
跨網站指令碼
PHP $A = htmlspecialchars($data);
Perl $A =~ s/
skip to main |
skip to sidebar
標籤
- koha3.0 (15)
- koha (13)
- koha229 (9)
- zebra (9)
- iso2709 (7)
- perl (7)
- 會議 (7)
- mysql (6)
- search (5)
- innopac (4)
- cccii (3)
- news (3)
- catalog (2)
- koha網站 (2)
- marc (2)
- unimarc (2)
- 服務隊 (2)
- CLR (1)
- MARC::File::XML (1)
- PMP (1)
- XML::Simple (1)
- amazon (1)
- amazonimages (1)
- assembly (1)
- autotest (1)
- books.com.tw (1)
- c (1)
- c++ (1)
- cluster (1)
- css (1)
- cvs (1)
- develop (1)
- diff (1)
- git (1)
- java (1)
- koha文件 (1)
- liblime (1)
- liblime 2.4 (1)
- livecd (1)
- livekoha (1)
- liveusb (1)
- nkes (1)
- opac (1)
- perl6 (1)
- phpmyadmin (1)
- prof (1)
- sqlite (1)
- standard (1)
- svn (1)
- z39.50 (1)
- zoom (1)
- 博客來網路書店 (1)
- 圖書館標準 (1)
相關連結
Maps
沒有留言:
張貼留言