URL: The Web Intruders' Sword

Introduction
Among all hacking techniques, hacking through the web is one of the most elegant. Issuing executable commands through a web browser to carry out destructive attacks is full of pure and brilliant subtleties. In contrast to all the complex and difficult hacking techniques, hacking through the web is simple and small-scale. As a simple example, did you know that merely by inserting a "%%" the security of your web application can be put at risk?!
One can think of hacking through the web as a small surgery performed through a single tiny hole. At first it is very delicate and small, but deep down it involves the deepest and most complex of systems.
Sometimes the URL is the only channel of communication with large and complex systems that sit behind the most secure firewalls! In this article I only intend to discuss the URL: what a URL is in general, how it helps intruders, and what damage its misuse may inflict on a system.
Through the subtle examples given in this discussion, web application developers and groups working in information technology will come to recognize the danger that, to some degree, threatens them.
Most web attacks are very subtle. Intruders start with small steps, such as learning how and why the web site was built. Every further investigation and search of the site leads the intruder into deeper internal parts. The subtlety of such attacks is that the intruder needs only one tool: a web browser!
The topics we intend to explain here are:
- URL structure
- URL encoding
- ASCII codes represented in hexadecimal and Unicode
- Meta-characters and their effects on applications
- HTML forms and parameter passing
It is assumed here that the reader is familiar with the HTTP protocol and with HTML.

URL structure

WWW.WebSecurityMgz.com

A URL is essentially a mechanism for identifying internet resources on web or FTP servers; it carries the application-layer protocol by which the request to the server is made.
This is the general structure of a URL:
Protocol://Server/Path/to/resource?parameter

Protocol
The Application-layer protocol. The most common use of URLs is requesting resources from web servers (HTTP servers), so the most common protocol is HTTP; other protocols such as https, ftp, ldap, telnet, pop3 and so on depend on what the browser or the server supports.
Server
The DNS domain name, NetBIOS name, or IP address of a host or network.
Path/to/resource
The directory path, including the name of the requested resource; the resource may be a static file or an application that generates its output dynamically.
Parameters
In practice, parameters are passed to a resource when that resource is an application or program that generates its output dynamically.
Figure 1 shows several kinds of URL. The URL shown in Figure 1-a is very clear: the file Monalisa.html is requested from a server named www.blueballoon.com, and the location of the file Monalisa.html on the web site www.blueballoon.com is the path /pictures/davinchi. The URL shown in Figure 1-b is an example of another protocol: it makes the user's client open an FTP connection to the server www.blueballoon.com as the anonymous user and retrieve the file img_viewer.exe from the /pub/ directory. The URL shown in Figure 1-c makes a request to an application. The application is View.asp, located in the News directory, and one parameter is passed to it: ID, whose content is the number 820620.

Figure 1. Three kinds of URL, labelled by their parts:

(a) http://www.blueballoon.com/pictures/davinchi/monalisa.html
    Protocol | Server name | Path of the requested file

(b) ftp://192.168.17.33/pub/img_viewer.exe
    Protocol | Server name | Path of the requested file

(c) http://www.ITIran.com/News/View.asp?ID=820620
    Protocol | Server name | Path of the requested application (View.asp) | Parameter passed to the application

Now let us look at how parameters are passed to applications.
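The structure above (Protocol://Server/Path/to/resource?parameter) and the separators it relies on, as an added example that is not part of the original article or of the book it cites: a small parser that splits the three URLs of Figure 1, plus one constructed FTP URL carrying credentials, into the parts named in this section.

```python
"""Added example: split a URL into the parts this page names (Protocol,
Server, Path/to/resource, Parameters) using the separators it describes."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ParsedURL:
    protocol: str
    server: str
    path: str
    params: List[Tuple[str, str]] = field(default_factory=list)
    userinfo: Optional[str] = None   # "user" or "user:password" before '@'
    fragment: Optional[str] = None   # text after '#'; never sent to the server


def parse_url(url: str) -> ParsedURL:
    # ':' ends the application-layer protocol; '//' introduces the server.
    protocol, sep, rest = url.partition("://")
    if not sep or not protocol.isalpha():
        raise ValueError("missing or malformed protocol separator '://'")
    # '#' marks a location inside the page, so it is split off first.
    rest, _, fragment = rest.partition("#")
    # The query string is everything to the right of the first '?'.
    location, _, query = rest.partition("?")
    # The server part ends at the first '/'; the rest is Path/to/resource.
    authority, _, path = location.partition("/")
    # '@' separates a user name (and optional password) from the host name.
    userinfo, at, host = authority.rpartition("@")
    params: List[Tuple[str, str]] = []
    if query:   # '&' separates Name=Value parameters; '=' splits name and value
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            params.append((name, value))
    return ParsedURL(protocol.lower(), host, "/" + path, params,
                     userinfo if at else None, fragment or None)


# Figure 1's three URLs plus a constructed FTP URL with credentials ('@' rule).
SAMPLES = [
    "http://www.blueballoon.com/pictures/davinchi/monalisa.html",
    "ftp://192.168.17.33/pub/img_viewer.exe",
    "http://www.ITIran.com/News/View.asp?ID=820620",
    "ftp://anonymous:guest@192.168.17.33/pub/img_viewer.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_url(sample))
```

Credentials placed before the '@' travel in the URL itself and therefore end up in browser history, proxy and server logs, which is the reason to treat that field as sensitive when parsing.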


The psychology of web intruders

This time, as a break, let us put ourselves in the intruders' shoes!
What do intruders do? In short, intruders have a strong power of induction! That is, from the available evidence they can predict a great deal!
By reading a few lines on your site they can work out what is going on; then, by combining the many small pieces they have gathered, they also discover other internal mechanisms.
Let us look at the URL shown in Figure 1-c:
http://www.ITIran.com/News/View.asp?ID=820620
This URL belongs to an application, or a small program, that automatically generates its output from the parameters passed to it. What other information can be pulled out of this URL?!
As a first inference, the resource name View.asp shows that the file has the .asp extension, so it is almost certainly a Microsoft Active Server Page (ASP) file. ASP files run almost exclusively on IIS web servers. Therefore the server of www.ITIran.com is most likely a Windows NT/2000/XP server running IIS.
Well, now let us look at the parameters; we uncover more clues. The parameter ID=820620 is essentially a number: the unique number of a news item that must exist in the database. The most popular and common choice of database on Windows NT/2000/XP is usually Microsoft SQL Server or Microsoft Access; a small site may use Access. So View.asp very much resembles a file that builds a SQL query for the database server in order to display further details from the database according to the parameter passed to it.
But a sharper look at the passed parameter reveals that it consists of three parts:
ID=820620

which indicates that the news item displayed belongs to year 82, month 06, namely Shahrivar, and day 20!
Still more details can be learned from these parameters, and in the future we will discuss bottom-up mapping techniques at greater length.


URL encoding


By itself, a URL is nothing but alphabetic strings with some symbols inside! The character set chosen for specifying a URL consists of strings made of the following symbols:
A-Z, a-z, 0-9                      alphanumeric characters
; / : @ & = + $ , < > # %          reserved symbols
* ~ ! ( ) { } | \ ^ [ ] ' - _ .    other special characters
Very often a URL string contains letters, numbers, and reserved symbols that have a special meaning within the URL. The other special characters have no particular meaning for the URL; however, they may have a special meaning for the web server, or for the application that is requested through the web.
The interpretation of some of these special characters is shown in Table 2.


Table 2

Special character   Interpretation
?                   Query string separator. The part of the URL to the right of the ? is a query string.
&                   Parameter separator, used to separate Name=Value parameters.
=                   Separates a parameter name from its value.
+                   Interpreted as a space.
:                   Protocol separator. The part of the URL string from the beginning up to the : identifies the Application-layer protocol in use.
#                   Identifies a location within a web page. For example, the URLs www.acmt-art.com/index.html#gallery and www.acmt-art.com/index.html#purchase point to two different locations within the same page (index.html).
%                   Introduces a hexadecimal character code.
@                   Used in mailto: URLs, where an internet mail address is given, and also to pass a user name together with its password to a protocol such as FTP.
~                   Identifies a user's private directory on multi-user systems, for example http://server/~user_login_id/. For another example, look at the URL http://www.cs.purdue.edu/~saumil/maps: it identifies the account of the user saumil in a directory within a system.
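The character classes of this section and the separators of Table 2, as an added example that is not part of the original article or of the book it cites: an encoder and a decoder that follow those rules, together with the order a server-side parser must keep, splitting on the raw '&' and '=' before decoding and decoding exactly once. The strict mode that rejects malformed escapes such as "%%" is my own addition, not something the page specifies.

```python
"""Added example (not from the page or the book it cites): percent-encode
and -decode URL text by the character classes this page lists, and decode
exactly once so a reserved character hidden in a value stays data."""
from typing import List, Tuple

UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                 "0123456789-_.~")   # left bare; everything else is %-escaped
HEX = "0123456789abcdefABCDEF"


def percent_encode(value: str) -> str:
    """Escape a parameter value so none of its bytes reads as URL syntax."""
    return "".join(c if c in UNRESERVED else
                   "".join(f"%{b:02X}" for b in c.encode("utf-8"))
                   for c in value)


def percent_decode(text: str, strict: bool = True) -> str:
    """Decode one layer of %XX escapes; '+' becomes a space (Table 2).
    With strict=True a malformed escape such as '%%' or '%2G' is rejected
    instead of being passed through as a bare '%' that a later stage
    might decode again."""
    out: List[int] = []
    i = 0
    while i < len(text):
        c = text[i]
        if c == "+":
            out.append(0x20)
            i += 1
        elif c == "%" and len(text) >= i + 3 and all(h in HEX for h in text[i+1:i+3]):
            out.append(int(text[i+1:i+3], 16))
            i += 3
        elif c == "%" and strict:
            raise ValueError(f"malformed escape at offset {i}: {text[i:i+3]!r}")
        else:
            out.extend(c.encode("utf-8"))   # lenient mode keeps the bare '%'
            i += 1
    return bytes(out).decode("utf-8", errors="replace")


def split_query(query: str) -> List[Tuple[str, str]]:
    """Split on the raw '&' and '=' first and decode afterwards, so a value
    that decodes to '&' or '=' stays one value instead of becoming a new
    pair (the order a correct server-side parser must follow)."""
    pairs: List[Tuple[str, str]] = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        pairs.append((percent_decode(name), percent_decode(value)))
    return pairs
```

Decoding "%2541" once yields "%41", not "A"; a second decoding pass, or a lenient pass that leaves a bare '%' behind, is what lets an encoded separator be reinterpreted as syntax.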

Prepared by:
Amir Hossein Sharifi, websecuritymgz@websecuritymgz.com
27 Mehr 1382
Source:
1- Web Hacking, Stuart McClure, Saumil Shah, Shreeraj Shah
