学生成绩系统设计及攻击方法探讨Discussion on the Design of Student Score System and Attack Method摘 要学生成绩系统是各级学校常用的 OA 办公系统,具有公布学生成绩、管理学生等功能,目前学生成绩系统大多数以 WEB 站点的形式存在,容易受到 SQL 注入、XSS、越权等攻击。本文以学生成绩系统作为 OA办公系统的代表,通过对学生成绩系统的设计与实现,了解开发系统所使用的技术与系统构成,研究此类办公系统中易受攻击的威胁点。使用常见的 WEB 攻击方法,尝试在实现的学生成绩系统上复现攻击,寻找可行的攻击方案,并修复系统中存在的漏洞,达到提升学生成绩系统安全性能的效果。关键词:WEB 攻击;办公系统;Java 开发AbstractThe student performance system is an OA office system commonly used at all levels of schools. It has the functions of publishing student results and managing students. Most of the current student performance systems exist in the form of WEB sites and are vulnerable to attacks such as SQL injection, XSS, and unauthorized access. This article takes the student performance system as the representative of the OA office system, through the design and implementation of the student performance system, understand the technology and system composition used in the development system, and study the vulnerable threat points in such office systems. Using common WEB attack methods, try to reproduce the attack on the realized student score system, find a feasible attack plan, and repair the loopholes in the system to achieve the effect of improving the safety performance of the student score system.Keywords: WEB attack; Office system; Java development目录第一章 绪论..................................................11.1 课题背景与意义.........................................11.2 网络安全与网站现状.....................................11.2.1 网络安全的发展与现状以及分类.......................11.2.2 OA 办公系统的发展与现状.............
