
Information security for web applications




Contents

HUTECH (www.hutech.edu.vn), course code 1.2021.CMP194, tailieuhoctap@hutech.edu.vn

The table of contents survived extraction only in part. The entries below are the ones whose titles are recoverable; page numbers have been dropped and entries that survived only as a number are omitted.

Part I: Theory

Lesson 1 (title garbled, ends in "WEB")
    1.1.1 HTTP Requests
    1.1.2 HTTP Responses
    1.1.4 REST
    1.1.5 Cookies
    1.2 Encoding Schemes
    1.2.3 URL Encoding
    1.2.4 Unicode Encoding
    1.2.5 HTML Encoding
    1.2.6 Base64 Encoding
    1.2.7 Hex Encoding

Lesson 2 (titles not recoverable; the surviving fragments of 2.2.1 concern the host)

Lesson 3: Bypassing Client-Side Controls
    3.1.1 Hidden Form Fields
    3.1.2 HTTP Cookies
    3.1.3 URL Parameters
    3.2 Capturing User Data: HTML Forms
    3.2.2 Script-Based Validation
    3.2.3 Disabled Elements

Lesson 4: Host Header
    HTTP Host header
    4.1.1 (title lost)
    Host header and the web cache
    4.2.2 logic flaw

Lesson 5 (title ends in "SMUGGLING)")
    5.2.1 Request Smuggling
    -Length (RFC 7230) (header name truncated in the source)

Lesson 6
    6.2.1 Bad Passwords
    6.2.2 Brute-Forcible Login
    6.4.1 Use Strong Credentials
    6.4.2 Handle Credentials Secretively

Lesson 7
    7.1 Injecting into Interpreted Contexts
    7.2 Injecting into SQL
    7.2.2 Injecting into Different Statement Types
    7.3 Injecting into NoSQL
    7.4 Injecting into XPath
    7.4.1 Injecting into LDAP

Lesson 8: Cross-Site Scripting
    8.1.1 Reflected XSS
    8.1.2 Stored XSS
    8.1.3 DOM-Based XSS

Part II: Labs

Lab 1: Exploiting the web SOP (Same-Origin Policy)
    1.2.1 DOM Cookies
    1.2.2 SOP for DOM Cookies
    1.2.3 SOP for XMLHttpRequest

Lab 2: Web Tracking

Lab 3: Cross-Site Request Forgery (CSRF) attack

Lab 4: Cross-Site Scripting (XSS) attack; XSS attack (XSS Worm)

Lab 5: SQL Injection Attack
    5.2.1 MySQL Console
    prepared statement

List of figures and tables: not recoverable (the fragments mention host, client, Bypassing Client-Side Controls, Host Header, Capturing User Data, LDAP Injection and Cross-Site Scripting).

Fragments of Lab 5 (SQL Injection Attack) that survived extraction:

Setup commands (as listed on the page):
    apt-get install curl
    apt-get update

Practice: the lab site is http://www.seedlabsqlinjection.com/; the task involves the row with the given name in the credential table (the WHERE clause is cut off in the source).

Generating the password hash: Method 1: use the website http://www.sha1- (URL truncated in the source). Method 2: php genpass.php

Attack fragment, as extracted: Ryan t: ', Password='52e51cf3f58377b8a687d49b960a58dfc677f0ad' where nam='Ryan';#

5.2.3 Prepared statements

Vulnerable version (user input is concatenated into the query text; the WHERE clause is restored from the prepared-statement version below, since the scraped text cut it off):

    $conn = getDB();
    // $id and $pwd come straight from the request and are pasted into the SQL text,
    // so input containing SQL metacharacters rewrites the statement (SQL injection).
    $sql = "SELECT name, local, gender FROM USER_TABLE WHERE id = $id and password = '$pwd'";
    $result = $conn->query($sql);

Prepared-statement version (the query text is fixed; values travel separately and are never parsed as SQL):

    $conn = getDB();
    $stmt = $conn->prepare("SELECT name, local, gender FROM USER_TABLE WHERE id = ? and password = ?");
    // Bind parameters to the query: "i" = integer id, "s" = string password
    $stmt->bind_param("is", $id, $pwd);
    $stmt->execute();
    $stmt->bind_result($bind_name, $bind_local, $bind_gender);
    $stmt->fetch();

5.2.4 Guide: prepared statement

Figure fragment: SELECT * from credential

5.3 Requirements

Posted: 28/07/2023, 17:57
