L? h?ng b?o m?t Cross-Site-Scripting (XSS) c� g? nguy hi?m?

L? h?ng b?o m?t Cross-Site-Scripting (XSS) c� g? nguy hi?m?

CSRF Hacking and Security xss

M?i khi ��ng nh?ng b�i writeup v? m?t l? h?ng XSS ��?c ph�t hi?n tr�n m?t trang web n�o ��, t�i bi?t s? c� nh?ng ng�?i nh?ch m�p c�?i kh?y v? l�c �� trong �?u h? s? ngh?:

• "C�i l?i XSS n�y th? c� c�i qu�i g? nguy hi?m c� ch??"
• "Ngo�i vi?c hi?n l�n m?t h?p tho?i th? XSS l�m ��?c c�i �?ch g? n?a kh�ng?"
• "M?t l? h?ng v? v?n th�i m�. � m� hi?n h?p tho?i c?ng ��?c g?i l� l? h?ng h??"
• ...

V?y th?, XSS c� g? nguy hi?m?

Thay v? vi?t ra �?ng l? thuy?t nh�m ch�n, ch�ng ta s? c�ng xem x�t nh?ng h?nh th?c t?n c�ng khai th�c XSS �? ��?c �p d?ng trong th?c ti?n. N�i tr�?c �? nh?ng b?n n�o c?n ch�a bi?t v? XSS th? n�n Google xem n� l� g? tr�?c khi �?c ti?p b�i vi?t n�y nha.
Read More

Unknown Pada 06:02 Komentar

T�i �? hack VietDesigner.net v� Kenhsinhvien.vn nh� th? n�o?

T�i �? hack VietDesigner.net v� Kenhsinhvien.vn nh� th? n�o?

CSRF Write-up xss

H�nh tr?nh truy t?m l? h?ng b?o m?t

Tr�?c h?t, t? xem x�t �?c �i?m chung c?a c? hai trang web n�y:

1. ��y �?u l� 2 di?n ��n l?n (m?c ti�u c�ng l?n, c�ng nhi?u ng�?i d�ng th? c�ng t? l? thu?n v?i s? nguy hi?m c?a m?t l?i b?o m?t ��?c ph�t hi?n).
2. C�ng s? d?ng n?n t?ng Xenforo.
3. C�ng s? d?ng m?t add-on gi?ng nhau �? t?o tr?nh chuy?n h�?ng li�n k?t.

Trong 3 �?c �i?m n�y th? �i?u th? 3 ch�nh l� m?u ch?t:

• http://kenhsinhvien.vn/redirect/?url=https://junookyo.blogspot.com/
• http://forum.vietdesigner.net/redirect/?url=https://junookyo.blogspot.com/

T?i sao t? bi?t r?ng 2 trang c�ng d�ng m?t add-on? Ngo�i vi?c d?a theo c?u tr�c li�n k?t, th? t? xem m? ngu?n trang chuy?n h�?ng c?a c? 2 v� c�ng m?t th?y t? kh�a quan tr?ng sau:

T?m t? kh�a �� tr�n Google:

Nh� v?y c� th? �o�n ��?c 2 di?n ��n kia �ang s? d?ng add-on t?o tr?nh chuy?n h�?ng t�n l� "GoodForNothing Url Anonymizer" (sau n�y �? �?i t�n th�nh GoodForNothing Link Proxy).
Read More

Unknown Pada 05:45 Komentar

T�i �? hack trang SinhVienIT.net nh� th? n�o?

T�i �? hack trang SinhVienIT.net nh� th? n�o?

CSRF Write-up xss

L? h?ng b?o m?t XSS tr�n sinhvienit.net

M?t ng�y �?p tr?i, t? l�n Google ki?m link t?i Visual Studio. Nh� th�?ng l?, SVIT (sinhvienit.net) v� VNZ (vn-zoom.com) lu�n �?ng top khi t?m ki?m m?y ph?n m?m... cr@ck. Kh?i ph?i suy ngh?, t? li?n nh?n v�o m?t link c� th? tin t�?ng (l� trang n�o th? c�c b?n c?ng bi?t r?i �?y, li�n quan t?i b�i vi?t m�).
Read More

Unknown Pada 05:52 Komentar

T? �?ng th�m CSRF Token v�o m?i truy v?n Ajax trong CodeIgniter

T? �?ng th�m CSRF Token v�o m?i truy v?n Ajax trong CodeIgniter

CSRF PHP Security Web Developer

Trong CodeIgniter, khi b?n thi?t l?p c?u h?nh b?t b?o v? CSRF (Cross Site Request Forgery) trong config.php $config['csrf_protection'] = TRUE; th? m?i truy v?n t? client t?i server �?u ��?c ki?m tra xem c� ch?a token hay kh�ng. Khi l�m vi?c v?i c�c truy v?n ajax th? b?n s? ph?i th�m tham s? token v�o th? c�ng kh� l� m?t. Trong b�i vi?t n�y, m?nh s? ch? c�c b?n m?t c�ch �? t? �?ng th�m token v�o m?i truy v?n ajax.
Read More

Unknown Pada 06:06 Komentar

L? h?ng b?o m?t CSRF tr�n trang RapperVN.Net

L? h?ng b?o m?t CSRF tr�n trang RapperVN.Net

Checked CSRF J2TeaM

L? h?ng b?o m?t CSRF

CSRF (Cross Site Request Forgery) l� k? thu?t t?n c�ng b?ng c�ch s? d?ng quy?n ch?ng th?c c?a ng�?i s? d?ng �?i v?i 1 website kh�c. C�c ?ng d?ng web ho?t �?ng theo c� ch? nh?n c�c c�u l?nh HTTP t? ng�?i s? d?ng, sau �� th?c thi c�c c�u l?nh n�y.

Hacker s? d?ng ph��ng ph�p CSRF �? l?a tr?nh duy?t c?a ng�?i d�ng g?i �i c�c c�u l?nh http �?n c�c ?ng d?ng web. Trong tr�?ng h?p phi�n l�m vi?c c?a ng�?i d�ng ch�a h?t hi?u l?c th? c�c c�u l?nh tr�n s? ��?c th?c hi?n v?i quy?n ch?ng th?c c?a ng�?i s? d?ng.


Read More

Unknown Pada 22:08 Komentar