Website attack methods and how to defend against them

phuong phap tan cong va cach phong chong.ppt


  • SQL injection
    XSS (cross-site scripting)
    CSRF (cross-site request forgery)
    File inclusion
    Directory traversal
    Session hijacking
    Malicious file uploading
    Server misconfiguration
    Buffer overflow

  • SQL injection. 1. What is SQL injection? SQL injection is a technique that lets an attacker exploit weak validation of the data a web application receives, together with the error messages its database management system returns, to inject and execute SQL statements the application's developer never anticipated. The consequences are severe: the attacker can delete or alter data at will, effectively holding full rights over the application's database and sometimes over the server the application runs on. The flaw typically appears in web applications whose data is managed by a DBMS such as SQL Server, MySQL, Oracle, DB2 or Sybase.

  • 2. Forms of SQL injection attack. Four forms are common: bypassing the login check (authorization bypass), abusing SELECT statements, abusing INSERT statements, and abusing stored procedures [2], [3]. 2.1. Login bypass. In this form the attacker walks straight past the login page, because the SQL statements the page runs against the application's database are built from unchecked input.

  • 2.2. Attacks using SELECT statements. This form is more involved: the attacker must be able to read and exploit what the system's error messages give away in order to locate a weak point from which to start the attack.

  • 2.3. Attacks using INSERT statements. Web applications usually let a visitor register an account, and after a successful registration the user can view and edit their own profile. SQL injection becomes possible here when the system does not validate the submitted profile data before inserting it.

  • 2.4. Attacks using stored procedures. An attack through stored procedures does the most damage when the application connects as the 'sa' system administrator. For example, if the injected fragment is changed to '; EXEC xp_cmdshell 'dir C:\' -- the database server runs a directory listing of the C:\ drive the server is installed on. What gets destroyed depends entirely on the command passed to xp_cmdshell.

  • 3. Prevention. SQL injection, then, exploits carelessness on the part of the web developer when user input is turned into SQL statements. How much damage it does depends on the environment and on how the system is configured. If the application operates on the data with dbo rights (the database owner), an injection can drop every table and create new ones, ...

  • If the application runs with sa rights (system administrator), the injection controls the whole database server, and with privileges that broad it can create rogue user accounts and take over your system. Prevention can be applied at two levels:

  • 3.1. Strictly control the input data. To avert these risks, protect your SQL statements by strictly checking every value received from the Request object (Request, Request.QueryString, Request.Form, Request.Cookies and Request.ServerVariables). The most reliable form of this control is to never concatenate user data into SQL text at all: use parameterised queries (prepared statements), so the database driver sends values separately from the statement.

  • 3.2. Configure the database server securely. Put a tight control mechanism in place and restrict the data-handling rights of the account the web application connects with. Ordinary applications should avoid privileges such as dbo or sa. The more restricted the rights, the less the damage.

  • In addition, to reduce the exposure to SQL injection, strip any technical detail from the messages shown to users when the application hits an error. Ordinary error messages reveal technical details that can tell an attacker where the system is weak.
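The login-bypass case of section 2.1 and the error-message leak of section 3, as an added example that is not part of the original deck. It uses an in-memory SQLite table constructed here (the users, their clear-text passwords and the `' OR 1=1 --` payload are all assumptions for the demo) and places the concatenating query beside its parameterised replacement.

```python
import sqlite3


# Constructed in-memory user table so the example runs offline. Passwords are
# stored in clear only to keep the demo short; real systems store password hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The login-bypass case: user input is pasted straight into the SQL text."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_vulnerable_page(conn, username, password):
    """What a careless application shows the visitor: the matched row, or the
    raw database error text that attackers read for clues about the query."""
    try:
        return login_vulnerable(conn, username, password)
    except sqlite3.Error as exc:
        return "DB error: %s" % exc


def login_safe(conn, username, password):
    """Parameterised query: the driver sends values separately from the SQL,
    so a quote in the input can never terminate the string literal."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


BYPASS = "' OR 1=1 --"  # classic authorization-bypass payload (assumed input)


if __name__ == "__main__":
    db = make_db()
    # The payload closes the username literal, makes the WHERE clause always true
    # and comments out the password check, so the first row (the admin) is returned.
    print("vulnerable, bypass payload:", login_vulnerable(db, BYPASS, "whatever"))
    print("vulnerable, lone quote:    ", login_vulnerable_page(db, "'", "x"))
    print("safe, bypass payload:      ", login_safe(db, BYPASS, "whatever"))
```

With the parameterised version the same payload is simply a user name that does not exist, and a lone quote is data rather than a syntax error, so there is no error text to leak.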

  • The XSS vulnerability. What is XSS? Cross-Site Scripting, abbreviated XSS (rather than CSS, to avoid confusion with HTML's Cascading Style Sheets), is an attack technique in which HTML tags or malicious script fragments are injected into dynamic websites (ASP, PHP, CGI, JSP, ...) so that they harm other users of the site. The injected code is mostly written in client-side script such as JavaScript, JScript or DHTML, and may also consist of plain HTML tags. XSS is a common flaw, a great many sites suffer from it, and for that reason it attracts ever more attention.

  • How does XSS work? XSS lets an attacker place code in a link so that it runs in the victim's browser, which can lead to stolen cookies, passwords or sessions, or to malware being planted. A typical XSS link looks like http://www.xxx.vn//index.php?pg=news&cat=<script>alert(1)</script>, and what appears in the browser is a popup displaying "1".

  • FINDING XSS VULNERABILITIES IN A WEB APPLICATION

    Method 1: use one of the many web-application vulnerability scanners, for example Web Vulnerability Scanner, to scan for XSS.
    Method 2: follow five steps.
    Step 1: open the website to be tested.
    Step 2: identify the places to test for XSS. Any site has search boxes, error messages and web forms, and that is where XSS mostly lives; in general XSS can occur anywhere the user can enter data and then gets something back. As a first probe, enter the string XSS.
    Step 3: judge whether the site is likely vulnerable by looking at what comes back. If the response reads, say, "XSS not found", "The account XSS is incorrect" or "Login as XSS failed", the chance that the spot is vulnerable is high.
    Step 4: once a likely spot is found, insert the real payload to test further, for example <script>alert('XSS')</script> in the vulnerable field, and press Login. If a popup reading XSS appears, the field is definitely vulnerable. Note that a site is sometimes vulnerable without the popup appearing; then you have to view the page source and look for the reflected line <script>alert('XSS')</script>.
    Step 5: plan the attack scenario.

  • ATTACKING. There are in fact many attack techniques built on XSS; once you know how to find the hole, each person has their own scheme for the attack. Here I would like to introduce a technique I carried out successfully on the Moodle site of the Faculty of Information Technology at KHTN: stealing passwords.

  • Having confirmed for certain that the Moodle site had an XSS flaw on its login page, I immediately wrote a small application and uploaded it to a free host; its job was to receive the student ID (mssv) and password sent to it and write them to a txt file.

  • DEFENCES. As mentioned above, an XSS attack only succeeds when a page carrying the attacker's script reaches the victim's browser. Web developers can therefore protect their sites from being abused for XSS by making sure dynamically generated pages contain no script tags: filter and validate the data coming in from the user, or encode and filter the values sent out to the user.

  • Filtering. Always filter user input, removing the meta-characters (special characters) defined in the HTML specification. Every input field, including link parameters, is checked for script tags.

  • Encoding. XSS can be avoided when the web server makes sure the pages it generates are properly encoded so that unwanted scripts cannot run. Server-side encoding is a process in which all dynamically generated content passes through an encoding function that replaces script tags with their character-entity codes.

  • In general, encoding is the recommended approach because it does not require you to decide which characters are legal and which are not. Encoding all untrusted data can, however, cost resources and affect the performance of some servers. Note also that the encoding has to match the context the value lands in (HTML body, attribute value, JavaScript, URL); HTML-entity encoding alone does not make a value safe inside a script block.
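An added example, not code from the deck, covering both the manual probe of steps 3 and 4 above and the encoding defence: two constructed page templates (a search-result line and a login form, both assumptions) are rendered once by reflecting input verbatim and once through `html.escape`, and a small check reports whether the probe came back as live markup. The attribute payload is the "no popup, but visible in the page source" case the deck warns about.

```python
import html

# Constructed templates standing in for the deck's search box and login form.
BODY_PAGE = "<html><body><p>Search results for: {query}</p></body></html>"
ATTR_PAGE = '<form><input type="text" name="user" value="{value}"><button>Login</button></form>'

PROBE = "<script>alert('XSS')</script>"        # the step-4 payload
ATTR_PROBE = '" autofocus onfocus="alert(1)'  # breaks out of a quoted attribute


def render_body_vulnerable(query):
    # Reflected straight into the HTML body: the browser parses it as markup.
    return BODY_PAGE.format(query=query)


def render_body_safe(query):
    # Output encoding: < > & " ' become entities, so the text is shown, not run.
    return BODY_PAGE.format(query=html.escape(query, quote=True))


def render_attr_vulnerable(value):
    return ATTR_PAGE.format(value=value)


def render_attr_safe(value):
    # quote=True also converts " and ', which is what keeps the value inside
    # the attribute instead of letting it add an onfocus handler.
    return ATTR_PAGE.format(value=html.escape(value, quote=True))


def reflects_unescaped(response_body, probe):
    """Steps 3 and 4 of the manual check: the probe came back byte-for-byte,
    so the browser will parse it. For PROBE that means a popup; for ATTR_PROBE
    there is no popup, only a live handler, which is why the deck says to
    view the page source when nothing appears."""
    return probe in response_body


if __name__ == "__main__":
    for name, page in [
        ("body/vulnerable", render_body_vulnerable(PROBE)),
        ("body/safe", render_body_safe(PROBE)),
        ("attr/vulnerable", render_attr_vulnerable(ATTR_PROBE)),
        ("attr/safe", render_attr_safe(ATTR_PROBE)),
    ]:
        probe = PROBE if name.startswith("body") else ATTR_PROBE
        print(f"{name:16} reflected unescaped: {reflects_unescaped(page, probe)}")
```

The check is a string match, so it only tells you that the payload survived intact; a real scanner also varies the payload per context, which is what step 4's "view source" is doing by hand.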

  • Session hijacking

    Definition. Session hijacking is the technique of stealing a user's working session in order to take control of their account. Its severity is comparable to CSRF. The flaw is exploited through the user's session identifier, although the chance of success is not high.

  • Once the attacker holds a user's session, the attacker has the same access as that user. Worse, the session is usually identified by a value stored in a cookie (in PHP the default name is PHPSESSID), so if the site also has an XSS flaw that lets the attacker read a user's cookie, the chance of the account being taken over is very high.

  • Figure 1: A normal session

  • Figure 2: The session taken over

  • 2. Forms of attack: session prediction, session brute-forcing, and using code to steal the session. 2.1 Session prediction. The attacker must be a legitimate user of the system. After logging in several times, the attacker examines the session ID values received, works out the rule by which they are generated, and from that can guess the session ID of the next user.

  • 2.2 Session brute-forcing. The attacker can write a program that sends many requests to the server over a period of time, each carrying a candidate session ID, to find IDs that are currently live. The attacker relies on developers' habit of deriving session IDs from the time or from the user's IP address to narrow the search space. 2.3 Using code to steal the session.

  • By injecting a piece of code that runs in the victim's browser, usually through an XSS flaw, the attacker lures the user into following a link that steals the user's cookie. Once in possession of the user's session, the attacker joins that session.
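The prediction and brute-force cases of 2.1 and 2.2, as an added example that is not part of the deck: a session ID derived from IP address and timestamp (the developer habit the deck describes; the MD5 construction, IP and timestamps are assumptions) is recovered by searching a small time window, and beside it is the CSPRNG-based ID, a server-side store that rotates the ID after login, and the cookie flags that close the XSS theft route of 2.3.

```python
import hashlib
import hmac
import secrets


# --- the weak pattern: ID derived from client IP and login time ---
def weak_session_id(client_ip, unix_time):
    return hashlib.md5(f"{client_ip}:{int(unix_time)}".encode()).hexdigest()


def guess_weak_session(client_ip, approx_time, window, target_id):
    """An attacker who knows the victim's IP and roughly when they logged in
    tries every second in +/- window; returns the timestamp that reproduces
    target_id, or None. 2*window+1 requests instead of 2**128."""
    for t in range(int(approx_time) - window, int(approx_time) + window + 1):
        if hmac.compare_digest(weak_session_id(client_ip, t), target_id):
            return t
    return None


# --- what to do instead ---
def strong_session_id():
    return secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: no rule to learn


class SessionStore:
    """Server-side table; the cookie carries only the opaque ID."""

    def __init__(self):
        self._by_id = {}

    def create(self, user):
        sid = strong_session_id()
        self._by_id[sid] = user
        return sid

    def rotate(self, old_sid):
        """Issue a fresh ID after login or a privilege change, so an ID observed
        before authentication, or leaked from an old cookie, is useless."""
        user = self._by_id.pop(old_sid)
        return self.create(user)

    def lookup(self, sid):
        return self._by_id.get(sid)


def session_cookie(sid):
    # HttpOnly keeps the value out of document.cookie, so XSS cannot read it;
    # Secure keeps it off plaintext HTTP where it could be sniffed.
    return f"PHPSESSID={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


def rotation_demo():
    """Old ID dead, new ID live, and the two differ."""
    store = SessionStore()
    old = store.create("alice")
    new = store.rotate(old)
    return store.lookup(old), store.lookup(new), old != new


if __name__ == "__main__":
    victim_ip, victim_login = "203.0.113.7", 1_700_000_000  # constructed values
    sid = weak_session_id(victim_ip, victim_login)
    print("recovered login time:", guess_weak_session(victim_ip, victim_login + 5, 60, sid))
    print("strong id:", strong_session_id())
    print("rotation:", rotation_demo())
    print(session_cookie(strong_session_id()))
```

Nothing in the strong version depends on secrecy of the algorithm; the attacker may know exactly how IDs are made and still has no better option than guessing 256 random bits.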

  • 3. Defending against session hijacking. Because sessions can be hijacked in several ways, the defences have to vary accordingly. Like the other man-in-the-middle attacks we have looked at, session hijacking is hard to detect and even harder to prevent, because it is largely a passive attack.

  • Unless the malicious user does something obvious while inside the hijacked session, you may never know the attack is happening. Here are some things you can do to guard against it:

  • Do your online banking at home. The chance that someone can intercept your traffic on your home network is far smaller than at work. This is not because your home computer is inherently more secure; it is because you have only one or two machines at home, and you mostly need to worry about session hijacking there if your child is over 14, has started watching hacking videos on YouTube and is trying them out.

  • Understand the attack. Even sophisticated attackers, the most seasoned hackers included, make mistakes and leave traces. Knowing when you were logged in to session-based services helps you tell whether someone has been prowling around your account. Your job, then, is to keep watch and pay attention to the most recent login time, to make sure all is well.

  • Secure the machines inside the network. These attacks are usually carried out from inside the network. If your network devices are secure, the attacker's chances of compromising hosts inside your network shrink, and with them the risk of session hijacking.

  • CSRF (cross site request forgery)

    I. The concept. CSRF (Cross Site Request Forgery) is an attack technique that borrows the user's authenticated standing with another website. Web applications work by receiving HTTP requests from the user and then carrying them out. CSRF tricks the user's browser into sending HTTP requests to the web application; as long as the user's session is still valid, those requests are carried out with the user's authentication. CSRF is also called "session riding" or "XSRF".

  • CSRF-style attacks have existed since the 1990s, but because the requests originate from the user's own IP address the website's log files show no sign of CSRF. Attacks using the technique went largely unreported; only in 2007 did a few documents describe CSRF attack cases in detail.

  • Given the principle behind CSRF, "trick the user's browser (or the user) into sending HTTP requests", prevention techniques concentrate on ways to tell forged requests apart and restrict them. Many recommendations have been made, though to date no measure prevents CSRF completely. A few of the techniques in use follow.
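One of the techniques that tells forged requests apart, the synchronizer token, as an added example that is not from the deck. The session dictionary, the `/transfer` handler and the attacker's hidden form are constructed stand-ins: the browser attaches the session cookie to the forged request automatically, but the attacker's page cannot read the per-session token, so the request fails the check.

```python
import hmac
import secrets


def issue_csrf_token(session):
    """One unguessable secret per session, embedded in every state-changing
    form. The attacker's page cannot read it (same-origin policy)."""
    token = session.get("csrf_token")
    if token is None:
        token = secrets.token_urlsafe(32)
        session["csrf_token"] = token
    return token


def verify_csrf(session, submitted):
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)  # constant-time comparison


def handle_transfer(session, form):
    """Constructed state-changing endpoint. The session cookie accompanies every
    request the browser makes, so the cookie alone cannot prove the user meant it."""
    if not verify_csrf(session, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']}"


def attacker_form():
    """What an auto-submitting form on the attacker's page makes the victim's
    browser send: the cookie goes along automatically, the token does not."""
    return {"to": "attacker", "amount": "1000"}


def genuine_form(session, to, amount):
    """A form the real site rendered, which therefore carries the token."""
    return {"to": to, "amount": amount, "csrf_token": issue_csrf_token(session)}


def demo():
    """Returns the HTTP status for a forged, a genuine, and a tampered request."""
    session = {"user": "alice"}  # constructed logged-in session
    token = issue_csrf_token(session)
    forged = handle_transfer(session, attacker_form())[0]
    genuine = handle_transfer(session, genuine_form(session, "bob", "10"))[0]
    tampered = handle_transfer(
        session, {"to": "bob", "amount": "10", "csrf_token": token + "!"}
    )[0]
    return forged, genuine, tampered


if __name__ == "__main__":
    print("forged, genuine, tampered ->", demo())
```

The token must travel in the request body or a header, never only in the cookie, since the cookie is exactly what the forged request already carries. Modern browsers add a second layer through the cookie's SameSite attribute, but the token check is what works regardless of client.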

  • File inclusion (RFI)

    I. The concept. Depending on how well the server is secured, an attacker can include a file on the server itself (local include) or a file on another machine (remote include). The attacker's aim is to run system functions and harvest sensitive information about the system. All of this becomes possible once the attacker can run a web shell (also called a web hack tool) such as c99shell or r57shell.

  • With a web shell in hand the attacker can read every file of the website the shell runs under. On a poorly secured server the attacker can read files from the whole system, including those of other websites on the same host. The flaw is often used for "local hack" attacks: attacking the server, and the other sites on it, through one vulnerable site on that server.

  • With write access, every file can be altered: defacing the home page, planting code that harvests login details, hiding a backdoor for later visits, and so on. The attacker can also take the database credentials from the site's configuration file and connect to the database to steal, delete or alter data. If the database is MySQL and the LOAD_FILE() function is permitted, the attacker can read system files and other sites' files through MySQL as well, for instance with LOAD DATA LOCAL INFILE.

  • II. Finding file inclusion flaws. There are two ways to find this flaw: black-box testing and white-box testing. White-box testing applies when you can see the whole source code: software you wrote, open-source software, software someone asked you to test, and so on. Code-scanning tools exist, you can write a small script to do it, or at its most manual you search with an ordinary editor. Look for lines of the form include($page); the point to note is that the file inclusion hole exists only when the variable $page can be supplied from outside without the code having initialised or assigned it.

  • Black-box testing is used when you do not have the target's source code, exactly as an attacker sees a system: only from the outside, which is why it is called a black box. The method is to try input data, any data at all; whenever the application throws an error you gain information. To find the flaw you can test with a scanner or by hand. In my experience scanners are very ineffective for this flaw, whereas an experienced person can sometimes spot it just by browsing the site a few times.

  • III. Exploiting the flaw. Once the flaw is found, how is it exploited? The sections above already hint at a few ways. Basically there are two kinds: including a file from another server (RFI, remote file include) and including a file from the vulnerable server itself (LFI, local file include). Remote file include (RFI). This flaw is present when the include variable can be set from the request (register_globals=On, in the PHP versions the deck targets) and the server allows URLs in include (allow_url_fopen, and on PHP 5.2 and later allow_url_include); someone with little programming knowledge can then easily extract information. The attacker only needs to host the web hack tool on some server (usually a free host) and include it through the flaw.

  • Local file include (LFI). If allow_url_fopen in php.ini is set to Off, files cannot be included from another server. Only includes on the same server can then be exploited, and whether the attacker can read files outside the vulnerable site's directory depends on how securely the server is configured. To exploit it well the attacker needs a web shell on the server; how does one get a web shell there? There are several ways, but they demand experience and an understanding of PHP, Apache and Linux.

  • One of the key points in exploiting LFI is reading the sensitive files of the system and of the website. Important files on Linux include /etc/passwd, /etc/group, httpd.conf, ...

  • /etc/passwd holds the operating system's account information. An attacker can take the account names and run a password-guessing attack, usually brute force (what programmers call "duyệt trâu", buffalo search). If passwords are not shadowed, the hashed password sits right in /etc/passwd, and having read the file the attacker can recover passwords by cracking (with John the Ripper, for instance). Otherwise the hashed passwords are in /etc/shadow (possibly elsewhere on other Linux and Unix variants).

  • An example line from shadow: guru:$1$OiD7e.JO$AGoOmlOsUK1XBw2qJcx4z0:14286:0:99999:7::: httpd.conf is the Apache web server's configuration file and contains a great deal of information about the system. The items that matter for exploitation are error_log, access_log, DocumentRoot, ...

  • Important website files include .htaccess and the configuration file holding the database password (usually config.inc, configuration.php, ...). LFI can also be combined with an upload flaw to obtain a web shell. If the upload flaw lets you upload a web shell directly and run it, LFI is not needed; but if the upload only accepts image files, LFI can be put to use. What remains is to locate the uploaded image, a task that is easy or hard depending on the attacker's experience.

  • Hiding PHP code and concealing the shell. PHP code can be hidden in many places: in a PHP file itself, in log files, in image files, or in any file at all. Inserting PHP into an image. As said above, why insert PHP code into an image? The point is to insert PHP code into an image file while the file remains a genuine image. So which part of the image takes the code? We add the PHP code to the image's comment section; that section cannot hold much PHP, so an oversized shell will not fit, which is why it usually carries a short fragment such as a command shell or an upload form.

  • IV. Defending against file inclusion. From the above you can picture what the flaw is and how it is attacked. So what do you do against include-file attacks? Basically there are two jobs: a secure server, and secure programming (the latter is very important, because the code may be deployed on many servers).

  • A secure server. Getting a secure server is not simple at all; it requires that you understand what you install and have experience in both security and administration. Here I cover only the parts that relate to file inclusion. In php.ini set allow_url_fopen=Off (and, on PHP 5.2 and later, allow_url_include=Off), register_globals=Off, safe_mode=On, display_errors=Off (note that register_globals and safe_mode were removed in PHP 5.4, so on current PHP the first is always off and the second no longer exists), and set sensible permissions on directories.

  • Secure programming. Catch errors strictly. Initialise every variable. Use absolute paths. An example of strict code:

  • Buffer overflow

    I. Definition. In computer security and programming, a buffer overflow, or buffer overrun, is a programming error that can cause a memory access exception and terminate the program, or, in the hands of a user with malicious intent, be exploited to breach the security of the system.

  • A buffer overflow is an anomalous condition in which a process stores data beyond the bounds of a fixed-length buffer. The data then overwrites adjacent memory locations. The overwritten memory may hold other buffers, variables and program flow control data.

  • Buffer overflows can crash a process or make it produce wrong results. They can be triggered by specially crafted input designed to execute malicious code or to make the program behave in an unintended way.

  • In this way buffer overflows give rise to many software vulnerabilities and form the basis of many exploit techniques. Adequate bounds checking by the programmer or the compiler can prevent them.

  • II. Technical description. A buffer overflow occurs when data is written to a buffer and, through inadequate bounds checking, spills into adjacent memory and corrupts the data values at the addresses next to the buffer. It commonly happens when copying a string from one buffer into another.

  • Stack buffer overflow. Besides altering unrelated variables, a buffer overflow can be exploited to make a running program execute arbitrary code supplied by the attacker. Consider the stack, where data is temporarily pushed, like onto a pile, and later popped off to recover a variable's value.

  • Normally, when a function starts executing, its temporary data items are pushed onto the stack and the program can access them for the duration of the function. Overflows occur not only on the stack (stack overflow) but also on the heap (heap overflow).

  • III. Exploitation. The techniques for exploiting a buffer overflow differ by machine architecture, operating system and memory region: exploiting the heap (used for dynamically allocated variables), for example, differs from exploiting the stack. Exploiting a stack buffer overflow: overwrite a local variable lying near the buffer on the stack to change the program's behaviour in the attacker's favour.

  • Overwrite the return address in the stack frame. When the function returns, execution continues at the address the attacker wrote, usually inside the buffer holding the user's input. If the address of the user-supplied data is not known, but that address is known to be held in a register, the return address can instead be overwritten with the address of an opcode that jumps to the user's data (a "trampoline" such as jmp esp).

  • Exploiting a heap buffer overflow. An overflow in the heap data area is called a heap overflow and is exploited with techniques different from those for stack overflows. Heap memory is allocated by the application at run time and usually holds program data. The exploit corrupts this data in a particular way so that the application overwrites its own internal data structures, for example the pointers of a linked list. Microsoft's GDI+ JPEG vulnerability of 2004 is the most recent example of a heap overflow cited here.

  • Obstacles to exploitation. Processing the buffer before it is read or executed can defeat exploitation attempts. Such processing raises the bar for exploiting these flaws but may not block them absolutely. It can include converting upper case to lower case, removing special characters, and filtering out strings that contain non-alphanumeric characters. There are nonetheless techniques for evading such processing: alphanumeric shellcode, polymorphic code, self-modifying code and return-to-libc attacks.

  • IV. Protecting against buffer overflows. Many techniques, with varying advantages and drawbacks, are used to detect and prevent attacks on this vulnerability. The most reliable protection is automatic protection at the programming-language level. This kind of protection cannot, however, be applied to legacy code, and technical, business or cultural constraints often demand an unsafe language.

  • The following protective measures are currently implemented:
    + Choice of programming language.
    + Use of safe libraries.
    + Stack buffer overflow protection.
    + Executable-space protection.
    + Address space layout randomisation.
    + Deep packet inspection.

  • Directory traversal. I. The concept. Path traversal, also known as dot-dot-slash, directory traversal, directory climbing or backtracking, is an attack that reaches files and directories stored outside the web root.

  • The attack needs no tool at all; it simply manipulates request parameters with ../ sequences to reach files and directories, source code and system files included. To spot an opportunity, attackers usually inspect the results returned by a spider or crawler.

  • II. Exploitation. With the spidering results in hand, listing URLs whose parameters name files, the attacker tries ../ to see whether files in other directories can be reached. Error messages from the site reveal the real path on the web server, and combined with ../ (dot-dot-slash) that leads to the site's important files: the database, configuration files, ...

  • III. Prevention. Preventing path traversal means checking the parameter carefully (a filter can be applied) wherever the file-handling functions mentioned earlier are used, since they are what lets an attacker carry out path traversal.

  • A filter such as str_replace('../', '', $_GET['help_file']) is still vulnerable, however, because the attacker can send ....// which, after passing through that filter once, becomes ../. Clearly such filtering is not thorough. Use a regular expression instead for a better filter, e.g. eregi('[\\/]', $_GET['help_file']) to reject any value containing a slash or backslash (eregi() was removed in PHP 7; the equivalent today is preg_match('~[\\\\/]~', $_GET['help_file'])).
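An added example, not from the deck, serving both the "secure programming" advice of the file inclusion section (initialise the variable, use absolute paths) and the filter-bypass just described. It shows the allow-list that should sit in front of an include($page)-style parameter, reproduces the single-pass str_replace filter to show the `....//` bypass, and adds the canonicalise-then-check routine that catches what the filter misses, including an absolute path and a null byte. The page names, help directory and file names are assumptions.

```python
import os

# Allow-list for the include($page) case: the request parameter selects a key,
# never a path, so neither ../ nor http:// ever reaches the include statement.
ALLOWED_PAGES = {"home": "home.php", "news": "news.php", "contact": "contact.php"}


def resolve_include(page_param):
    """Return the file to include, or None for anything not on the list."""
    return ALLOWED_PAGES.get(page_param)


def naive_filter(user_path):
    """The str_replace('../', '', ...) defence: one non-recursive pass."""
    return user_path.replace("../", "")


def safe_join(base_dir, user_path):
    """Canonicalise the requested path, then require it to stay under base_dir.
    Returns the absolute path, or None if the request escapes the directory."""
    if "\x00" in user_path:  # a null byte would truncate the name in C-based runtimes
        return None
    base = os.path.realpath(base_dir)
    # join() discards base when user_path is absolute, which the prefix check catches;
    # realpath() collapses every ../ and resolves symlinks before the comparison.
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


HELP_DIR = "/var/www/help"  # assumed directory served through the help_file parameter


if __name__ == "__main__":
    for param in ["news", "../../etc/passwd", "http://evil.example/shell.txt"]:
        print(f"include {param!r:35} -> {resolve_include(param)}")
    payload = "....//....//etc/passwd"
    print("after naive filter:", naive_filter(payload))
    for path in ["intro.html", payload, naive_filter(payload), "/etc/passwd", "a\x00.php"]:
        print(f"safe_join {path!r:28} -> {safe_join(HELP_DIR, path)}")
```

The allow-list is the stronger of the two controls and is what the deck's "initialise every variable" advice amounts to in practice; safe_join is for the case where users genuinely must name files, and it works because the decision is made on the final canonical path, not on the raw string.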

  • Server misconfiguration. Server misconfiguration attacks exploit configuration weaknesses found in web servers and application servers. Many servers ship with unnecessary default and sample files, including applications, configuration files, scripts and web pages. They may also have unnecessary services enabled, such as content management and remote administration functions.

  • Debugging functions may be enabled, or administrative functions may be reachable by anonymous users. These features can give an attacker a way to bypass authentication and reach sensitive information, possibly with elevated privileges.

  • Servers may ship with well-known default accounts and passwords. Failing to fully lock down or harden the server can leave files and directories with improper permissions. Misconfigured SSL certificates and cipher settings, use of default certificates, and improper authentication with external systems can compromise the confidentiality of information.

  • Verbose error messages can leak data, and the information disclosed can be used to build the next stage of an attack. Incorrect configuration of server software can permit directory listing and path traversal attacks.

  • Malicious file uploading. I. The concept. The application server accepted a VBScript file, an HTML file containing JavaScript and the EICAR test virus as permitted attachments. This means an attacker could submit a malicious file as an attachment, where the file could be executed by another, internal RIM employee if they clicked on and opened the attachment.

  • The files were neither inspected nor blocked by the server, nor rejected on the basis of their file names. Once accepted, they could be served and executed directly from the application.

  • II. Attack method. An attacker could execute code remotely (inside RIM), or even install a rootkit and completely compromise the victim's system. Although endpoint malware controls are presumably in place to protect RIM's enterprise users from malicious files on the file server (i.e. Symantec Endpoint Protection),

  • the files should never have reached the file server in the first place (not every system on the network is up to date and fully protected). Defence in depth ensures protection at every level at which files enter.

  • III. Prevention:
    - Use a validated white list.
    - Validate the accepted file types.
    - Run anti-virus.
    - Run anti-malware.

  • Inspect the type of accepted files deeply before they move from the web application server to the file share (if stored separately from the database). Scan files before storing them in the database. Check with vendors for an attachment-filtering module, solution or plugin.
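The white-list and deep type inspection above, as an added example that is not from the deck (the anti-virus step is left to a scanner and is not reproduced here). The validator checks an extension allow-list, double extensions such as shell.php.jpg, size, the file's magic bytes against the declared type, and a heuristic for the PHP-in-image-comment trick from the file inclusion section; it then assigns a random storage name so the attacker cannot pick or later locate the file. The allowed types, size limit and sample bytes are assumptions, and the sample PNG is only a header, not a decodable image.

```python
import os
import secrets

# Magic bytes for the image types an "image-only" upload accepts (assumed allow-list).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
# Name components that must never appear before the final extension.
DANGEROUS_PARTS = {"php", "php3", "php5", "phtml", "phar", "asp", "aspx",
                   "jsp", "htaccess", "exe", "vbs", "html", "htm"}
MAX_BYTES = 2 * 1024 * 1024

SAMPLE_PNG = MAGIC[".png"] + bytes(24)  # constructed header-only sample


def validate_upload(filename, data):
    """Return (accepted, reason) for one uploaded file."""
    name = os.path.basename(filename.replace("\\", "/"))  # drop client-supplied directories
    root, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in MAGIC:
        return False, "extension not in allow-list"
    if any(part.lower() in DANGEROUS_PARTS for part in root.split(".")):
        return False, "executable name hidden in double extension"
    if len(data) > MAX_BYTES:
        return False, "too large"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match declared type"
    # Deep inspection for the PHP-in-comment trick: a real image has no reason
    # to contain a PHP open tag or a script tag anywhere in its bytes.
    if b"<?php" in data or b"<?=" in data or b"<script" in data.lower():
        return False, "script tag embedded in image"
    return True, "ok"


def storage_name(filename):
    """Random name plus the validated extension: the attacker chooses neither
    the name nor the location, which also defeats a later LFI include of it."""
    ext = os.path.splitext(filename)[1].lower()
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    samples = [
        ("photo.png", SAMPLE_PNG),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("shell.php.jpg", MAGIC[".jpg"] + b"junk"),
        ("evil.jpg", b"<?php echo 1; ?>"),
        ("img.gif", b"GIF89a" + b"<?php phpinfo(); ?>"),
    ]
    for fname, blob in samples:
        ok, why = validate_upload(fname, blob)
        print(f"{fname:15} {'ACCEPT' if ok else 'REJECT'}: {why}")
    print("stored as:", storage_name("photo.png"))
```

The byte-scan heuristic is a cheap last line, not a parser; the controls that actually carry the weight are the allow-list, the magic-byte check, and serving uploads from a location the web server never hands to the PHP interpreter.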

  • demo