CIDE220055

(/)?

enteruserarea

1
S1

S2

S3

S4

2 1
S1

3 1
S3

4 1

S4
S41

S42

S43

5 4
S42
S421

S422
6 5
S421 S422

S42
7 4
S43

S41

Web

Web

1
2

3
456
7
SQL

SQL

2006
5

PayPal( e-mail
) PayPal

PayPal
Facebook 2008 12 15 2009 1 4

XSS Facebook
iPhone XSS
Facebook
Facebook
ID

url

url

CN101741645A

CN 101901307A

SQL SQL

CN 101901221A
a HTTP
HTTP P
JavaScript
EJSRF JavaScript

JavaScript HTML HTML


P JavaScript b JavaScript
JavaScript EBN
JavaScript SDN
JavaScript

JavaScript SMDc EJSRFEBN


SDN SMD
HTTP

CN101895516A

A HTTP HTTP
B
B HTTP
HTTP URL Web HTTP
CC HTTP

Web Web Web


HTTP
HTTP

CN 101686130

html5
js

IE chrome XSS

1
url
url 2

Firefox NoScript
Flash

S1
S2
S3

S4

S1

S3

S4 S41
S42
S43

S42 S421

S422

S421 S422

S42

S43
S41

/

1
2

XSS (Cross Site Scripting)


AJAX JavaScript XML (Asynchronous JavaScript And XML)

enteruserarea(
)

enteruserarea(
)

enteruserarea()

IE chrome
Firefox

enteruserarea(
)

alert
var myalertalert
alert(
) myalert()

alert cookie

alert

myalert myalert
cookie

1 2 1
2
3
1-3

S1
S2

S3
S4

S1

S3

S4 S41
S42

S43

S42 S421
S422

S421 S422

S42
S43
S41

RAMROM ROM
ROMCD-ROM

CD-ROMRAM
ROM ROM ROMEPROM

ROMEEPROM

RAMROM

JavaSmalltalk C++
C
/

/

//
/
///

/
/

//

/
/

(/)?

enteruserarea

(/)?

(/)?

(/)?

/?

S1

S2

S3

S4
