Open source and hacker intrusion

Source: Internet
Author: User

"Please do not deny that pigs exist just because you have never eaten pork or never seen a pig run. Still less is there any need to make every pig as cute as the pig of the 2007 Year of the Pig."

The most basic meaning of open source is open source code. "Hacker" is a term familiar to the IT industry and even to the general public; even the top three students at school often swear: "I grew up as a hacker!" There are many hackers around the world, and by their different natures they can be divided into crackers and hackers; China is no exception. One difference is that China also has a large number of "hackers" of another kind: a crowd of black-hearted guests who use tools written by others to scan for other people's mistakes.

What is the relationship between open source and hackers? Linux is open source, so security problems in its design become known in the industry very quickly and bugs in the code are fixed quickly; the solutions to its security problems come from the contributions of hackers. Windows is not open source, so the probability of vulnerabilities in it is much higher, and Chinese "hackers" therefore do not bother to practise on it. Recently the "Spring fans" suddenly became interested in hacking because of one of my articles. Thanks to the "low-level mistakes" made by easyjf, they easily "hacked" the simple example application that easyjf open-sourced at http://asp.easyjf.com. This is the situation I saw this morning, as shown in the figure:
The hacked system is the easyjweb and easydbo sample application released by easyjf. Its prototype is a subscription management system used on the LAN of a small factory with only two computers, three people and one operator; I took part in writing the code of this example. The sample application published on the Internet is the first version, and the small factory's own version has changed a great deal since. This "hacker" easily discovered that a <SCRIPT> tag could be typed into the product title input box, so he saved `<SCRIPT>while(true) alert('spammers')</SCRIPT>` as a title; whenever someone else views the example, the title displays as "hacked".
This reminds me of something Grandpa Wang told me when I went back to my hometown in the countryside. He said the dog of Jin Xiao'er's family, by the road in Ying village, is very clever: it is a professional dog that specialises in people with a carrying pole on their shoulders. It is not surprising for a dog to bark at a stranger or even bite, but Jin Xiao'er's dog is different. Anyone with a load on his shoulder finds it hard to set the load down when he sees a dog (because it is hard to lift again), and cannot even scare the dog off, let alone strike it. The dog understands this: a passer-by carrying nothing gets at most a few barks, but someone with a heavy load on his shoulder it comes up and bites. As a result, anyone carrying a load past the gate of Jin Xiao'er's house needs an empty-handed companion. It is the same with the many "hackers": even if your system is positioned for a LAN, for a single machine, or even as a simple demonstration, whenever we build any system we need to assign someone responsible for security checks to prevent "hacker" intrusion. Of course, that easyjf's open-source code contains such "severe" and "low-level" security vulnerabilities deserves criticism, and as one of its members I am ashamed; at the same time, as a completely open-source product, we also hope that everyone will be friendlier in reporting similar vulnerabilities or fixing them yourselves. I believe everyone who has been through this kind of thing becomes very vigilant, just as the people in our village pay special attention to the smart dog of Jin Xiao'er's family. But thinking about that cute dog in the village, I have a whim: if I go back next time and he is still there, I will carry a load of cotton and hide an iron rod; when he comes up I will use it to tease him. Seen this way, the "Spring fans"-style "hackers" are still rather cute.
  
However, I still advise the "Spring fans" friends: please do not deny that pigs exist just because you have never eaten pork or never seen a pig run, and do not expect every pig to be as cute as the pig of the Year of the Pig. Finally, I post some test vectors issued by netgod of easyjf for the "cross-site scripting vulnerability", in the hope that everyone will be on guard against "hackers"!

```html
<script>alert('easyjf');</script>
<body background="javascript:alert('easyjf')">
<body onload=alert('easyjf')>
<bgsound src="javascript:alert('easyjf');">
<br size="&{alert('easyjf')}">
<layer src="http://www.easyjf.com/Trojan/a.js"></layer>
<table background="javascript:alert('easyjf')">
<div style="background-image: url(javascript:alert('easyjf'))">
<xml src="javascript:alert('easyjf');">
```

All of the above forms of cross-site scripting will trigger cross-site injection and can run JSP statements to harm the server!
To close this vulnerability you only need to filter the input boxes that may receive such content. For B/S (browser/server) applications, one of the simplest ways is to replace "<" together with its encoded form %3C. The code looks like this:

```java
public static String eliminateScript(String value) {
    // Replace "<" and its URL-encoded form %3C with the HTML entity &lt;,
    // so the browser shows a literal "<" instead of opening a tag.
    return value.replaceAll("<", "&lt;").replaceAll("%3C", "&lt;");
}
```

Of course, forms that are meant to accept HTML tags cannot be handled like this and need to be processed one by one. There are many other methods as well; as long as you pay attention, you will be fine, like the farmer uncle who carries his load past the gate of Jin Xiao'er's house.
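As an added example, not easyjf's code and not netgod's snippet above, the Java class below shows why replacing only "<" is enough for the title shown between tags but not once the same value can land inside an attribute or a URL. The `javascript:` vectors quoted above contain no "<" at all, so `eliminateScript` returns them unchanged; a URL-valued attribute therefore needs a scheme check rather than character replacement. The method names, the `<td>`/`<table>` layout and the sample inputs are this example's own assumptions, modelled on the vectors quoted above.

```java
import java.util.Locale;

// Added example, not part of easyjf: output escaping for the two places a
// sample app might write a user-supplied product title, plus a URL scheme
// check for attributes such as background= or src=.
public class TitleEscapeExample {

    // The post's approach, reconstructed: neutralise "<" and its %3C form only.
    public static String eliminateScript(String value) {
        if (value == null) return "";
        return value.replace("<", "&lt;").replace("%3C", "&lt;");
    }

    // Escape every character that can change HTML structure or end a quoted
    // attribute value. Safe for text content and for quoted attribute values.
    public static String escapeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // URL-valued attributes need scheme validation, not escaping:
    // "javascript:alert('easyjf')" has no "<" and survives both methods above
    // unchanged. Allow only http(s) or a scheme-less relative path. (A relative
    // path containing ":" anywhere is rejected too; that is deliberately strict.)
    public static boolean isSafeUrl(String url) {
        if (url == null) return false;
        String u = url.trim().toLowerCase(Locale.ROOT);
        if (u.startsWith("http://") || u.startsWith("https://")) return true;
        return !u.contains(":");
    }

    // Render the title both as text and as an attribute value (assumed layout).
    public static String renderTitle(String title) {
        String safe = escapeHtml(title);
        return "<td title=\"" + safe + "\">" + safe + "</td>";
    }

    // Emit a background attribute only when the URL passes the scheme check.
    public static String renderBackground(String url) {
        return isSafeUrl(url) ? "<table background=\"" + escapeHtml(url) + "\">" : "<table>";
    }

    public static void main(String[] args) {
        // Constructed inputs modelled on the vectors quoted in the post.
        String scriptTitle = "<SCRIPT>while(true) alert('spammers')</SCRIPT>";
        String jsUrl = "javascript:alert('easyjf')";

        System.out.println(eliminateScript(scriptTitle));   // tag defused: &lt;SCRIPT>...
        System.out.println(renderTitle(scriptTitle));        // escaped in both positions
        System.out.println(eliminateScript(jsUrl));          // unchanged: nothing to replace
        System.out.println(renderBackground(jsUrl));         // <table> : attribute dropped
        System.out.println(renderBackground("/img/bg.gif")); // <table background="/img/bg.gif">
    }
}
```

Compile and run with `javac TitleEscapeExample.java && java TitleEscapeExample`. The design point is that the escaping happens at output time, per context: entity-encode what goes between tags or inside a quoted attribute, and validate rather than encode anything that will be interpreted as a URL.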
