±zŠn¡G
±z©Ò»¡ªº§ðÀ»€èŠ¡ºÙ¬°¡užóºô¯ž«ü¥OœX ¡]Cross-Site Scripting¡A²ºÙ XSS ©ÎºÙ
CSS ¡^¡v
§ðÀ»€èŠ¡¬O§ðÀ»ªÌŠbºô¶€€¥[€W iframe »yªk¡AµM«áŽ¡€JŽc·Nªº html µ{Š¡œX¡AŠÓ³ošÇŽc·Nªºµ{Š¡œX³£¬O©ñžm©ó¥t¥~€@¥x¥DŸ÷€W¡AŠ³ªº§ðÀ»ªÌ·|šÏ¥Î€@¥xŠê€@¥xªº€èŠ¡¡A€ñ€è»¡¡A±qšü®`ªººô¶Šê³sšì A ¥DŸ÷¡AŠA±q A ¥DŸ÷Šê³sšì
B ¥DŸ÷¡AB ¥DŸ÷ŠAŠê³sšì C¥DŸ÷¡A³ošÇ€âªk³£¥u¬O¬°€FÁקKÅý€H»Ž©öŠa¹îıšì XSS §ðÀ»
·íšÏ¥ÎªÌÂsÄýžÓ¶€§®É¡A³QŽO€Jšäºô¶žÌªºhtml µ{Š¡œXŽN·|³Q°õŠæ¡A±qŠÓ¹FšìŽc·NšÏ¥ÎªÌªº¯S®í¥Øªº¡C
¥Ñ€Wzªº»¡©ú¡A¥i¥HªŸ¹D¡A³ožò SQL Server ¥»ššSÃö«Y¡A¥užòºô¯ž¬O§_€¹³\±q¥~³¡¶iŠæ§ó·sºô¶Š³Ãö«Y
šä¥L¬ÛÃöªºžê®Æ¡A¥i¥H°ÑŠÒ©ó¬ü°êÁ|¿ìªº¡u»P·L³n±M®a¹ïœÍ¡v°O¿ý¡G
http://www.microsoft.com/taiwan/technet/community/chats/trans/sql/sql91702.aspx
--
·L³n³ÌŠ³»ùȱM®a
Microsoft MVP
šô¥ß¥Á (Alex Chuo) for Windows Help
³¹¥ß¥Á¬ãšs«Ç
·s®Ñ§Y±N°Ý¥@¡G
¡ŽSQL Server 2005 §¹¥þ¹êŸÔ
±z·QnŽ£ª@ŠÛ€vªº SQL Server 2005 ¹ê€O¶Ü¡HœÐ±q²{Šb¶}©l¡F
±z·QnŽ£ª@ŠÛ€vªº SQL Server 2005 ¥\€O¶Ü¡HœÐ±q¥»®Ñ¶}©l¡C
€wžgµoŠæªº®Ñ¡G
¡ŽVisual Basic 2005 µ{Š¡¶}µo»P€¶±³]p¯µ³Z
¡ŽVisual C# 2005 µ{Š¡¶}µo»P€¶±³]p¯µ³Z
\==================================
|| Y§Úªº»¡©ú¹ï±zŠ³À°§U¡AœÐŠ^À³¡F
|| Y§Úªº»¡©ú¬O¿ù»~ªº¡A¥çœÐŠ^À³¡C
/==================================
€£ŽN¥ôŠóµoªíªºŠ^À³žê°T§@¥ôŠó©Ó¿Õ¡A¥B€£t¥ôŠóŸá«O³d¥ô¡C
This posting is provided "AS IS" with no warranties, and confers no rights.
ÁÂÁŠ^µª
¥i¯à¬O§Ú±Ôz€èªk€£¹ï¡A³Q§ï¹LªºaspÀɮמ̱Š³iframeªº»yªk³sšìšä¥Lºô¯ž€UžüÀɮסAŠAºôžô€W§äšìªºžê®Æ€jŠh¬O»¡ÁôœX§ðÀ»ŸÉP¡A¥t¥~aspºô¶³Q«§ï¥[€JiframeªºžÑšMžê®ÆšÃ€£Šh¡A¥u¬O§äšìªºžê®ÆŠ³³¡¥÷³£«üŠVÁôœX§ðÀ»¡A©Ò¥H§Ú¥uŠnŒéŠV³oÓ€èŠV¥hŽMšDžÑšM€èªk¡A€£¹LŽN¬O€£Ÿå±ožÓ«çÃÒ©úµ{Š¡€HûªºŒgªkŠ³°ÝÃD¡A©Ò¥H·Q»¡¬Ý¬O§_·L³nŽ£šÑÃþŠüªº€ušã¥i¥HšÓÀËŽú¡AÁÂÁ¡C
"æ£æ£" šÓšç¡G
...
ÁôœX§ðÀ»¬O«ü³z¹Lºô¶€¬°Ê¥\¯à¡AšÏ¥ÎªÌ¿é€J SQL ³¡€À»yªk¡AŸÉP»P°ÊºAºô¶²ÕŠX¥X€§ŠrŠê¥i¬džß«DÅv¥~ªº€º®e¡C
Š¹°ÝÃD«Y¬°°ÊºAºô¶¶}µo€Hû³]p€£·íŸÉP¡C
žò asp ì©lœX³Q§ïšSÃö«Y¡C
œÐ©úœTŽyz§Aªº±¡ªp¡AŽ£šÑš¬°÷ªºžê°TšÓ§PŪ¡C
ŠUŠì¥ý¶iŠn