WEB开发网
开发学院网络安全黑客技术 温柔的杀手——跨站ASP Script攻击 阅读

温柔的杀手——跨站ASP Script攻击

 2006-11-06 19:58:24 来源:WEB开发网   
核心提示: 'redirect if detect the cookie Dim strRedirectUrl strRedirectUrl = "page2.asp?userName=" strRedirectUrl = strRedirectUrl & _ server


'redirect if detect the cookie

Dim strRedirectUrl

strRedirectUrl = "page2.asp?userName="

strRedirectUrl = strRedirectUrl & _

server.URLEncode(Request.Cookies("userName"))

Response.Redirect(strRedirectUrl)


Else %>

<HTML>

<HEAD>

<META http-equiv="Content-Type"content="text/html; charset=ISO-8859-1">

<TITLE>MyNiceSite.com Home Page</TITLE>

</HEAD>

<script LANGUAGE="javascript">

<!--

function checkForm() {

document.forms[0].userName.value =

RemoveBad(document.forms[0].userName.value);

return true;

}


//******************************************************

//Programmer: NOT ORIGINAL CODE - COMES FROM MICROSOFT

//Code Source: Microsoft Knowledge Base Article Q25z985

//Description: Removes bad characters.

//******************************************************


function RemoveBad(strTemp) {

strTemp =strTemp.replace(/</>/"/'/\%/;/(/)/&/+/-/g, "");

return strTemp;

}

//-->

</SCRIPT>

<BODY>

<BR>

<H2>MyNiceSite.com</H2>

<BR>

<FORM method="post"action="page2.asp" onsubmit="return checkForm();">

上一页  2 3 4 5 6 7 8 9  下一页

Tags:温柔 杀手 ASP

编辑录入:爽爽 [复制链接] [打 印]
赞助商链接