Web Application Attack and Defense
PREFACE

Along with the development of information technology and computer networking, the Internet has grown ever more diverse and rich. Online services have penetrated almost every area of social life. Information on the Internet is likewise diverse in content and form, and much of it needs stronger protection because of its economic value, accuracy and reliability. At the same time, forms of network sabotage have become more sophisticated and complex. For every system, therefore, the security task given to the network administrator is extremely important and necessary. Starting from these realities, we will study the most common attack methods in use today and how to defend against them. By researching a number of attack methods and the ways to secure against them, I hope to contribute a small part to the study of network security issues, in support of learning and research.

1. Reason for choosing the topic
In recent years Vietnam has developed steadily, above all in information technology. Web applications in particular: almost everyone has heard of and worked with a web application. Websites have become common and are an important part of everyone's life, especially for businesses and companies. At the same time, keeping web applications safe and secure remains a hard problem for everyone. We will therefore study web applications and the ways of attacking and securing them.

2. Objectives
To help us better understand website applications and the threats to information security that arise when we work with web applications every day, and to understand web attack and security techniques more clearly.

3. Scope
Study the most common attack techniques today, such as SQL Injection, Denial Of Service and Local Attack, and, in the most general way, how to secure against and defend against these common attacks.
TABLE OF CONTENTS

CHAPTER 1. OVERVIEW OF WEBSITES, WEBSITE SERVICES AND COMMON SECURITY FLAWS
  1.1. Website description and how it works
  1.2. Web-based services and applications
CHAPTER 2. COMMON WEB APPLICATION ATTACKS AND DEFENSES
  2.1. LOCAL ATTACK
    2.1.1. Understanding Local Attack
    2.1.2. How a Local Attack is carried out
    2.1.3. Securing against Local Attack
    2.1.4. Supporting tools
  2.2. Denial of service attacks (Denial Of Service)
    2.2.1. DoS (Denial Of Service)
    2.2.2. DDoS (Distributed Denial of Service)
    2.2.3. Distributed reflection denial of service, DRDoS (Distributed Reflection Denial of Service)
  2.3. SQL Injection
    2.3.1. SQL injection attacks
    2.3.2. Preventing SQL Injection
  2.4. Cross Site Scripting (XSS)
    2.4.1. XSS attacks
    2.4.2. Prevention
CHAPTER 3. DEMO, EVALUATION AND FUTURE DEVELOPMENT OF THE TOPIC
Tav4 Bkav Forum Trang 2
[E-book] Tan cong va phong thu ung dung WEB

CHAPTER 1
OVERVIEW OF WEBSITES, WEBSITE SERVICES AND COMMON SECURITY FLAWS

1.1. Website description and how it works

A website is a "web site" on the Internet: a place that presents information and images about a business and its products and services (or presents any other information) so that customers can reach it from anywhere, at any time. A website is a collection of many pages [web page]. When a business builds a website, it is building many information pages, product catalogs, services and so on. Creating a website requires 3 basic elements:
- A domain name (domain).
- A place to store the website (hosting).
- The content of the information pages [web page].

Some basic terms:
- A dynamic website (Dynamic website) is a website that has a database and is supplied with a website management tool (Admin Tool). The characteristics of a dynamic website are flexibility, the ability to update information frequently, and easy management of the site's components. This kind of website is usually written in programming languages such as PHP, Asp.net, JSP, Perl, ..., with the database managed by SQL or MySQL, ...
- A static website is programmed in HTML page by page, like a brochure, with no database and no tool for managing the information on the site. Static websites are usually designed with software such as FrontPage, Dreamweaver, ... The characteristic of a static website is that its content rarely changes, and a content change usually means changing the accompanying text that presents the content.
Today almost all businesses use dynamic websites, and the generation of website technology that everyone knows is web 2.0.
- Domain name (domain): the domain name is the address of the website. On the Internet an address exists only once (that is, each domain name is unique). There are 2 kinds of domain name:
- International domain names: domain names of the form .com; .net; .org; .biz; .name ...
- Everyone has a browser, and a browser is all you need to run the software.
- The software is always up to date because it runs on the server.
- Always available, 24/7.
- Easy to back up data regularly.
- Accessible anytime, anywhere, as long as you have a network connection.
- Deployment cost is extremely low compared with desktop software.

Imagine that you have sales management or task management software at your company. You are not always at the company; with web-based software you can log in to check and manage things from anywhere, and you need nothing more than a phone that can run a browser, such as an iPhone, rather than a computer.
CHAPTER 2
COMMON WEB APPLICATION ATTACKS AND DEFENSES

2.1. LOCAL ATTACK

2.1.1. Understanding Local Attack
- Local attack is one of the very common kinds of hack, and it is not recommended. On a typical web server, when you register an account on a server you are given an account on that server and a directory in which to manage your site. Example: tenserver/tentaikhoancuaban. In the same way there is another user's account, such as tenserver/taikhoan1. Suppose taikhoan1 is taken over by a hacker: the hacker can then use tricks, scripts and commands to reach the directory that holds your site, tenserver/taikhoancuaban. In the same way the hacker can attack other users' sites and can obtain admin information, the database and other confidential information, or insert malicious code into the index page of your site. This form of attack is called Local Attack.
- Most commonly, Local Attack is used to read config information from the victim; the hacker then uses the information in the config, according to his purpose, to damage the website.

2.1.2. How a Local Attack is carried out
- There are different ways to carry out a Local Attack, depending on the hacker's approach. Usually hackers use commands to attack the database.

2.1.2.1. Preparation
- First there must be a PHP/ASP/CGI backdoor on the server. There are many kinds of backdoor, but the most common are phpRemoteView (often called remview), R57Shell, CGITelnet, C99, ... The tools above are uploaded, usually shells such as R57, C99, ...
- Upload one of these tools to the host (we usually use the R57, C99, ... shells because they are powerful and easy to use).
- There are several ways to get a host:
proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, set_time_limit, escapeshellcmd, escapeshellarg, dl, curl_exec, parse_ini_file, show_source, ini_alter, virtual, openlog

- With that in place, consider an example:
PHP Code:
    -rw-rw-r-- 1 doanchuyennganh doanchuyennganh 33 Jul 1 19:20 script.php
    -rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd
- script.php contains:
PHP Code:
    <?php
    readfile('/etc/passwd');
    ?>
- Result:
PHP Code:
    Warning: readfile() has been disabled for security reasons in /docroot/script.php on line 2
- A few points about enabling safe mode:
- When a file is uploaded, it usually goes into /tmp/ under a user that is not the owner.
- Enabling safe mode brings some disadvantages for people writing PHP code, so they usually have:
PHP Code:
Figure 1. Screenshot of one kind of shell

2.2. Denial of service attacks (Denial Of Service)

2.2.1. DoS (Denial Of Service)

2.2.1.1. General introduction to DoS:
- DoS (Denial of Service) can be described as the act of preventing the legitimate users of a service from accessing and using that service. It includes flooding the network, breaking connections to the service, and so on, with the final aim of making the server unable to answer service requests from clients. DoS can stop a single computer, an internal network, or even a very large network system. In essence, in a DoS the attacker occupies a large amount of network resources such as bandwidth and memory, and takes away the ability to process service requests coming from other clients.

2.2.1.2. Attack methods:
+ Sabotage based on the limited or non-recoverable nature of network resources.
- Through connections: SYN flood attack: taking advantage of the way a TCP/IP connection works, the hacker starts setting up a TCP/IP connection with the target but breaks the connection right after the SYN and SYN ACK steps complete, leaving the target in a waiting state (waiting for the
[Figure: DDoS attack-network. Labels: Agent-Handler; IRC-Based; Secret/private channel; Public channel; TCP, UDP, ICMP]
i. The Agent-Handler model:
In this model the attack-network consists of 3 components: Agent, Client and Handler.
- Client: the base software from which the hacker controls all activity of the attack-network.
- Handler: a software component that sits between the Agent and the Client.
- Agent: the software component that carries out the attack on the target, controlled by the Client through the Handlers.
Figure 3. Agent-Handler attack-network architecture (diagram labels: Handler, Agent, Victim)
- From the Client, the attacker communicates with the Handlers to determine how many Agents are online, to adjust the time of the attack and to update the Agents. Depending on how the attacker configures the attack-network, the Agents are managed by one or by several Handlers.
- The attacker usually places the Handler software on a router or on a server that carries a lot of traffic. This makes the communication between Client, Handler and Agent hard to detect. That communication usually takes place over the TCP, UDP or ICMP protocols. The real owners of the Agents usually have no idea that they are being used in a DDoS attack, either because they lack the knowledge or because the Backdoor Agent programs use so few system resources that almost no effect on system performance can be seen.

ii. The IRC-Based model:
- Internet Relay Chat (IRC) is a multi-user online chat system. IRC lets a user open a multipoint connection to many other users and chat in real time. The architecture of an IRC network consists of many IRC servers across the Internet that communicate with each other over many channels. An IRC network lets users create three kinds of channel: public, private and secret.
Public channel: lets the users of that channel see the IRC name and receive the messages of every other user on the same channel
Figure 4. IRC-Based attack-network architecture (diagram labels: IRC network, Agent, Victim)

- An IRC-Based network is similar to an Agent-Handler network, but this model uses IRC channels as the means of communication between Client and Agent (no Handler is used). With this model the attacker gains some further advantages:
- Communication in the form of chat messages makes it extremely hard to detect.
- IRC traffic can move across the network in large volumes without arousing suspicion.
- There is no need to maintain a list of Agents: the hacker only has to log on to the IRC server to receive reports on the status of the Agents, sent back by the channels.
- Finally, IRC is also a file sharing environment, which makes it easy to spread the Agent code to many other machines.
[Figure: classification of DDoS attacks. Labels: Bandwidth Depletion; Resource Depletion; UDP; ICMP; Smurf attack; Fraggle attack; TCP SYN; IP address attack; Direct attack; Loop attack; Spoof source]
i. Attacks that exhaust the network's bandwidth (Bandwidth Depletion Attack)
- A Bandwidth Depletion Attack is designed to flood the target network with unnecessary traffic, with the aim of minimising the ability of legitimate traffic to reach the target's service system.
- There are two kinds of Bandwidth Depletion Attack:
+ Flood attack: the Agents are directed to send a large volume of traffic to the target's service system, so that the service runs out of bandwidth capacity.
+ Amplification attack: the agents or the Client itself are directed to send messages to an IP broadcast address, which makes every machine in that subnet send messages to the target's service system. This method multiplies the unnecessary traffic and degrades the target's bandwidth.
Figure 6. Diagram of an Amplification Attack (diagram labels: Attacker/Agent, Amplifier, Victim)

Amplification attacks can be divided into two kinds, Smurf and Fraggle attacks:
+ Smurf attack: in this kind of attack the attacker sends packets to a network amplifier (a router or other network device that supports broadcast), with the victim's address. The packets used are usually ICMP ECHO REQUEST, which require the receiver to answer with an ICMP ECHO REPLY packet. The network amplifier forwards the ICMP ECHO REQUEST packet to every system under the broadcast address, and all of these systems send their REPLY packet to the IP address of the target of the Smurf attack.
+ Fraggle attack: similar to the Smurf attack, but instead of an ICMP ECHO REQUEST packet it uses UDP ECHO packets sent to the target. There is in fact another variant of the Fraggle attack that sends UDP ECHO packets to the chargen port (port 19/UNIX) of the target, with the sender address set to the echo port (port 7/UNIX) of the target, creating an infinite loop. The attacker launches the attack with an ECHO REQUEST whose destination address is a broadcast address, and all systems under that
[Figure: TCP connection setup. Labels: TCP Client; Server; SYN; SYN/ACK; TCP port 80; 1-1023]

does not receive the final ACK packet within the specified period, it resends the SYN/ACK REPLY until the timeout expires. All the system resources "reserved" to handle the session, should the final ACK packet arrive, stay "locked" until the timeout expires.
- Knowing this weakness, the attacker sends the victim a SYN packet with a forged sender address. As a result the victim sends its SYN/ACK REPLY to a different address and will never receive the final ACK packet, until the timeout expires, so
Figure 8. The attacker spoofs the IP address (diagram labels: Client, Attacker/Agent, Server, SYN, SYN/ACK, ACK)

+ PUSH = ACK Attack: in the TCP protocol, packets are held in a buffer, and when the buffer is full the packets are passed on to where they are needed. However, the sender can ask the system to unload the buffer before it is full by sending a packet with PUSH and ACK set to 1. These packets make the victim's system unload all data in the TCP buffer immediately and send back an ACK packet once that is done. If this process is repeated continuously by many Agents, the system cannot handle the large number of incoming packets and hangs.

ii.b/ Malformed Packet Attack:
- A Malformed Packet Attack uses the Agents to send packets with a non-standard structure in order to make the victim's system hang. There are two kinds of Malformed Packet Attack:
+ IP address attack: uses packets whose source and destination addresses are the same, which the victim's operating system cannot handle, so it hangs.
+ IP packet options attack: randomises the OPTION field of the IP packet and sets all QoS bits to 1, which makes the victim's system spend time on analysis; with a large number of Agents the victim's system can run out of processing capacity.
Figure 9. Some characteristics of DDoS attack tools (diagram labels: Agent setup; OS supported; Agent-Handler; IRC-Based; Public; Private/Secret; TCP, UDP, ICMP; Actively poll; Live & wait; Bugged website; Corrupted file; Yes; No; None)

- DDoS attack tools have a great deal in common at the software level. Some of the common points are: the way the Agent software is installed, the method of communication between attacker, handler and Agent, and the kinds of operating system that support these tools. The diagram above gives an overall comparison of these DDoS attack tools.

* How a DDoS Agent is installed:
- The attacker can use active and passive methods to install the agent software on other machines in order to set up an Agent-Handler or IRC-based attack-network.
- Active installation:
+ Scanning: tools such as Nmap and Nessus are used to find weaknesses in systems that are online, in order to install the Agent software. Note that Nmap returns information about a system specified by its IP address, while Nessus searches arbitrary IP addresses for some previously known weakness.
+ Backdoor: after obtaining a list of systems that can be exploited, the attacker breaks in and installs the Agent software on them. A great deal of information about break-in methods is available online, such as the site of the organisation Common
Figure 10. Diagram of a DRDoS attack

- The sending process is repeated continuously with many forged IP addresses from the attacker, and because many large servers take part, the target server is quickly overloaded and its bandwidth is taken up by the large servers. The "art" lies in the fact that with just one computer and a 56kbps modem, a skilled hacker can defeat any server in moments without having to take over any machine to use as a means of attack.
Figure 11. An online tool for finding vulnerable sites

- To find out whether a website has an SQL Injection flaw, we append a mark to the end of the address. Example: http://www.doanchuyenganh.com/product.php?id=123
USR_PASSWORD= '' OR ''=''
- This query is valid and returns all records of T_USERS, and the code that follows treats this illegitimate login as a legitimate one.

ii. Attacks that use the SELECT statement
- This form of attack is more complex. To carry it out, the attacker must be able to understand and take advantage of what the system's error messages give away, in order to find the weak points from which to start the attack. Consider an example that is very common on news websites. Typically there is a page that receives the ID of the news item to display and then queries the content of the item with that ID. Example: http://www.doanchuyennganh.com/product.asp?ID=123 . The source code for this function is often written quite simply, along these lines:

    <%
    Dim vNewsID, objRS, strSQL
    ' The request value is concatenated into the query without any validation
    vNewsID = Request("ID")
    strSQL = "SELECT * FROM T_NEWS WHERE NEWS_ID =" & vNewsID
    Set objRS = Server.CreateObject("ADODB.Recordset")
    objRS.Open strSQL, "DSN=..."
    Set objRS = Nothing
    %>
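The concatenation pattern of the ASP page above, next to a validated and parameterised version. This is an added example, not code from the e-book; it uses Python with an in-memory SQLite database, and the TITLE column, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build a constructed stand-in for the page's T_NEWS table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE T_NEWS (NEWS_ID INTEGER PRIMARY KEY, TITLE TEXT)")
    db.executemany(
        "INSERT INTO T_NEWS VALUES (?, ?)",
        [
            (123, "Public article"),
            (124, "Second public article"),
            (900, "Unpublished draft"),
        ],
    )
    return db


def get_news_concat(db, raw_id):
    """Same flaw as the ASP code: the request value becomes part of the SQL text."""
    sql = "SELECT NEWS_ID, TITLE FROM T_NEWS WHERE NEWS_ID =" + raw_id
    return db.execute(sql).fetchall()


def get_news_bound(db, raw_id):
    """Hardened form: accept only ASCII digits, then bind the value as a parameter.

    The allowlist check rejects anything that is not a plain number, and the
    placeholder keeps the value out of the SQL text even if a check is missed.
    """
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("NEWS_ID must be a decimal number")
    sql = "SELECT NEWS_ID, TITLE FROM T_NEWS WHERE NEWS_ID = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The tautology below is the one quoted earlier on this page.
    for raw in ("123", "123 OR ''=''"):
        print(repr(raw), "concat ->", get_news_concat(db, raw))
        try:
            print(repr(raw), "bound  ->", get_news_bound(db, raw))
        except ValueError as exc:
            print(repr(raw), "bound  -> rejected:", exc)
```

With the concatenated query the WHERE clause is rewritten by the input and every row comes back, including the draft; the bound version returns one row for a numeric ID and refuses everything else.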
injection) in extracting data from the system.
Solution 2: is defeated in the same cases as solution 1, because:
- Invalid data keeps changing, along with the development of new kinds of attack.
Solution 3: better than the other two solutions, but it runs into some limitations when implemented.
- The best way to secure the application is to combine solutions 2 and 3. An example of why 2 and 3 need to be combined is the hyphen in the name "Quentin Bassington-Bassington": the hyphen must be allowed in the definition of valid data, but the character sequence "--" is a special sequence in SQL Server.
- For example, if there is a filter that:
+ Removes invalid data such as "--", "select" and "union"
+ Has a sanitising function that removes single quotes
then it can be countered as follows:

    union select @@version--

Some ways of implementing basic data validation functions

Method 1: Reject invalid data

    function validate_string( input )
        known_bad = array("select","insert", "update", "delete", "drop","--", "'" )
        validate_string = true
        for i = lbound( known_bad ) to ubound( known_bad )
            if ( instr( 1, input, known_bad(i), vbtextcompare ) <> 0 ) then
                validate_string = false
                exit function
            end if
        next
    end function
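The Method 1 blocklist compared with an allowlist for a personal-name field, using the page's "Quentin Bassington-Bassington" case. This is an added example, not code from the e-book: it assumes that solution 3 means accepting only known-good input (its definition is not in the visible text), and the name policy, the function names and the sample inputs are constructed for the illustration.

```python
import re
import unicodedata

# The known-bad list of the page's Method 1 function, unchanged.
KNOWN_BAD = ("select", "insert", "update", "delete", "drop", "--", "'")


def validate_string_blocklist(value):
    """Port of the page's validate_string: False if any known-bad token occurs."""
    lowered = value.lower()  # vbTextCompare compares case-insensitively
    return not any(token in lowered for token in KNOWN_BAD)


# Assumed policy for a name field: words made of letters (any script), joined
# by exactly one space or one hyphen, at most 100 characters in total.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ -][^\W\d_]+)*")
MAX_NAME_LENGTH = 100


def validate_name_allowlist(value):
    """Accept only input that matches the definition of a valid name."""
    value = unicodedata.normalize("NFC", value)  # compose accented letters
    return len(value) <= MAX_NAME_LENGTH and NAME_RE.fullmatch(value) is not None


def compare(values):
    """Return {input: (blocklist_accepts, allowlist_accepts)}."""
    return {
        v: (validate_string_blocklist(v), validate_name_allowlist(v))
        for v in values
    }


# Constructed sample inputs.
SAMPLES = [
    "Quentin Bassington-Bassington",   # valid name with a single hyphen
    "Quentin Bassington--Bassington",  # contains the SQL comment sequence
    "Mitchell Waldrop",                # valid name that contains "drop"
    "Nguyễn Văn An",                   # valid name with non-ASCII letters
    "user_42;",                        # not a name, but no listed token either
]

if __name__ == "__main__":
    for value, (blocklist_ok, allowlist_ok) in compare(SAMPLES).items():
        print(f"{value!r:35} blocklist={blocklist_ok!s:5} allowlist={allowlist_ok}")
```

The blocklist rejects a legitimate surname because it contains a keyword and accepts a value that is not a name at all, while the allowlist keeps the single hyphen and still refuses "--".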
CHAPTER 3
DEMO, EVALUATION AND FUTURE DEVELOPMENT OF THE TOPIC

3.1. Demo
- First we use a small Google search trick to find sites with an SQL Injection flaw. Here I use the keyword: inurl:keywords. Example: inurl:sanpham.php?id=3
- Using that keyword on google.com I picked a crudely designed website, http://nhanquynhphat.com/sanpham.php?id=3 ; I guessed that it had an SQL Injection flaw and went on to exploit it.
- I tested for the flaw and found that this website does have an SQL Injection flaw. I then gathered information about the website, such as the MySQL version, to make the exploitation clearer. Here the website uses MySQL version >=5, so I can easily exploit the flaw through information_shema.tables without having to guess what its tables are.

Figure 13. Information on the tables obtained.
- Leaving out the unrelated tables, we obtain the following tables: khuyenmai, lienhe, loaispcon, online, sanpham, tbl_gioithieu, tbl_lienhe, tbl_lienket, tbl_tintuc, thanhtoan, tintuc, user
- I then retrieved the column information and the data; the result is shown in Figure 14.
Figure 14. The extracted data is in encrypted form
- According to Figure 14, the data obtained is in encrypted form. At this point the SQL Injection exploitation has one more step, finding the administrator login path, and if the password is stored in encrypted form it has to be decrypted.

3.2. Conclusion

3.2.1. What has been achieved
- Against the requirements set at the start, the project has so far covered the following:
Study of web application attack techniques, including:
o Injecting code that executes in the client browser: Cross-site Scripting.
o Injecting SQL queries, and advanced SQL Injection attacks.
o Local Attack.
o Denial of service.
Security measures based on cooperation between the network administrator, the web application designer and the user:
o Checking whether a web page can be attacked through SQL statement injection or parameter tampering.