
CROSS SITE SCRIPTING (XSS) VULNERABILITIES, ATTACKS AND REMEDIATION MEASURES

Eng. Nguyen Ngoc Quan
Information Security R&D Group

Abstract: XSS (cross site scripting) is a web application vulnerability in which an end user can attack by inserting HTML tags or dangerous script code into dynamic websites (ASP, PHP, CGI, JSP, ...), which can harm other users. The XSS vulnerability has existed for a long time, yet it can still be used for new kinds of attack in the future. This article presents an in-depth study of the danger of XSS vulnerabilities and of how they are exploited, and it also introduces remediation measures against XSS attacks.
1. INTRODUCTION

With the arrival of dynamic web development technology and the growing use of web applications, the Web has also become exposed to more vulnerabilities. Cross Site Scripting (abbreviated CSS or, more commonly, XSS) is one of the most common code injection attacks. XSS is an injection-based vulnerability found in web applications, in which malicious code is injected through input variables as a payload. When a legitimate user visits an infected web application, the malicious code is echoed back to the user's browser. The injected code can read, modify and transmit sensitive data that the browser can access, such as cookies and session tokens.

XSS (Cross-site Scripting (XSS) OWASP) is a vulnerability that has existed for a long time. A more detailed look at XSS is given in (Shanmugam & Ponnavaikko, 2008). XSS is one of the vulnerabilities in the yearly OWASP top 10. This paper focuses mainly on XSS exploitation, that is, the attacks that can be carried out once an XSS vulnerability has been found, alone or in combination with exploitation tools. The paper first presents the basic characteristics of XSS, some common ways of detecting XSS and the tools for exploiting XSS vulnerabilities in Section 2. Section 3 describes the types of XSS: Non-Persistent or Reflected Vulnerability; Stored or Persistent vulnerability; DOM based or Local XSS. Section 4 describes a number of new and interesting security vulnerabilities found on websites recently and how they can be exploited. Section 5 lists several remediation measures that can be applied on the server side as well as on the client to protect a website or application from XSS vulnerabilities, and the paper ends with the conclusion.

2. RESEARCH CONTENT

Here the paper presents a brief analysis of the various popular frameworks that exist for detecting XSS vulnerabilities in web applications and for exploiting them. They work by injecting payloads and running scripts against the vulnerable web page.

2.1. Xenotix

Xenotix (Abraham, 2012) is essentially a penetration testing tool used for XSS exploitation. It has a built-in payload list of more than 450 XSS payloads, which can get past the basic XSS filters used by web developers. The payloads can be used manually or in automatic mode. It can also act as a key logger that records the keystrokes made by users while they visit the infected page. The attacker can also download a malicious executable onto the user's system without the user being aware of it. When users visit the infected pages, the Java applet client.jar accesses the command window of their system. The attacker uses the echo command to write a script named winconfig.vbs in the (%temp%) directory, after which cmd.exe runs winconfig.vbs to download the malicious executable specified by the attacker in the URL into the temp directory and rename it to update.exe, and finally it runs update.exe. Another exploit provided by Xenotix is installing a reverse shell (Hammer, 2006) on the user's system in order to access their computer.

Although it is a simple tool, it deserves attention. The keylogging feature is of limited use because it can only capture input within the infected page. The download to disk only works with 16-bit exe files.

2.2. XSSF

XSSF is described in detail in (Tomes, 2011) (htt1) and (xssf - Cross-Site Scripting Framework - project Google Hosting) and aims to demonstrate the potential dangers associated with XSS vulnerabilities. Its basic job is to create a communication channel (called an XSSF tunnel) with the target browser (in which there is an XSS vulnerability) in order to carry out various attacks. The attacker can carry out different attacks, each of which lives in a separate module. A large number of modules, such as file stealer, iPhone Skype call, network scanning and many other existing exploits, can be used to exploit these web application vulnerabilities. XSSF basically works by creating a tunnel that lists the ids of all victims when a victim arrives on a website with an XSS vulnerability. The attackers then examine the user's browser, look for a suitable exploit, run it and send a session to the user. After that they can access the user's system. The XSS attacks that can be carried out include creating an XSSF tunnel that gives the attacker access to the local hosts of the remote computer and lets him obtain its functionality. In addition, with XSSF integrated into the Metasploit console (Offensive Security Ltd, 2012), any browser-based exploit can be run against a website with an XSS vulnerability to obtain a Meterpreter session with system access. Another feature of this tool is XSSF automated attacks, in which different exploits can be added to a queue, each with its own job id, and can be run automatically once the victim visits the vulnerable link supplied by the attackers.

On the one hand XSSF offers many great features as a successful tool for post-XSS attacks; on the other hand it does not provide many means of detecting XSS vulnerabilities. Working with the XSSF framework also requires knowledge of Metasploit.

2.3. BeEF

BeEF stands for Browser Exploitation Framework. It is a powerful penetration testing tool for web browsers. It uses various client-side vectors to assess the actual security posture of the target environment. The framework includes various command modules and a simple and powerful API that contribute effectively to the assessment. It allows modules to be developed quickly and used easily. BeEF hooks one or more web browsers in order to launch command modules and direct attacks against the system from inside the browser. Different browsers are likely to sit in different security contexts, and each context may have its own set of attack vectors. The framework lets the penetration tester select specific modules (in real time) aimed at each browser, and at each context. The BeEF framework is a powerful tool that can use XSS vulnerabilities to launch various attacks, a few of which are named here: browser fingerprinting (collecting information about the browser), persistence, network fingerprinting, DNS enumeration, port scanning, and IRC NAT.

3. TYPES OF XSS ATTACKS

There are currently three common types of cross site scripting attack: Non-Persistent or Reflected Vulnerability (reflected or non-persistent cross site scripting); Stored or Persistent vulnerability; DOM based or Local XSS. The vulnerabilities that exist on different websites or web applications can be classified into these three types. They are explained and described in detail below.

Non-persistent attacks (Figure 1) occur when data supplied by a web client is used immediately by a server-side script to generate a result page for the user. If unvalidated user-supplied data is sent back and included in the result page without HTML encoding, client-side code can be injected into the dynamic page. The injected code can be reflected by the web server, as in a search result, an error message, or any other response that includes part of the input sent to the server as part of the request. Reflected attacks can be delivered to users by another route, such as an e-mail message, or possibly through some other web server. When a user is tricked into clicking a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the attack back to the victim's browser. The browser then executes the code because it came from a trusted server.

Figure 1. Reflected or non-persistent cross site scripting attack

The Stored or Persistent vulnerability (Figure 2) allows the most powerful attacks. Here the malicious code is sent to a website, where it is stored for some time (in a database, a file system, or anywhere else) and later displayed to users in a web page without being encoded using HTML entities. An example of such a situation is an online message board where users are allowed to post HTML-formatted messages for other users to read.

Figure 2. Stored or Persistent vulnerability

With DOM (Document Object Model) based or Local XSS (Figure 3), the attacker embeds the attack data on the client side, from within a page on the web server. For example, if a piece of JavaScript accesses a URL request parameter and writes some HTML into its own page using this information without encoding it with HTML entities, an XSS vulnerability is likely to appear, because this data will be reinterpreted by the browser as HTML, which can include additional client-side script.

Figure 3. DOM based or Local XSS
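The three cases above share one root cause: input reaches the page without HTML entity encoding. The following is an added example, not code from the article, that renders a reflected, a stored and a DOM-based page with and without encoding and checks whether the input survives as active markup. The function names, the `example.test` URL and the probe strings are assumptions constructed for illustration.

```javascript
'use strict';

// Replace the characters that let text break out of HTML body or quoted-attribute context.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reflected: the search term from the request is echoed straight into the result page.
function searchPage(term, encode) {
  return `<h1>Results for ${encode ? encodeHtml(term) : term}</h1>`;
}

// Stored: posts are saved as submitted and shown later to every reader.
class MessageBoard {
  constructor() { this.posts = []; }
  submit(author, body) { this.posts.push({ author, body }); }
  render(encode) {
    const out = encode ? encodeHtml : String;
    return this.posts.map((p) => `<li>${out(p.author)}: ${out(p.body)}</li>`).join('\n');
  }
}

// DOM based: client-side script reads a URL parameter and builds markup from it.
// The returned string stands for what the page script would assign to innerHTML.
function greetingMarkup(pageUrl, encode) {
  const name = new URL(pageUrl).searchParams.get('name') || 'guest';
  return `<p>Hello, ${encode ? encodeHtml(name) : name}</p>`;
}

// True when input survived into the markup as a live script element or event handler.
function hasActiveContent(html) {
  return /<script\b|<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Constructed test inputs; alert(1) is the conventional harmless marker.
const PROBE = '<script>alert(1)</script>';
const PROBE_URL = 'https://app.example.test/welcome?name='
  + encodeURIComponent('<img src=x onerror=alert(1)>');

// Render all three page types with encoding off (vulnerable) or on (hardened).
function runDemo(encode) {
  const board = new MessageBoard();
  board.submit('guest', PROBE);
  return {
    reflected: hasActiveContent(searchPage(PROBE, encode)),
    stored: hasActiveContent(board.render(encode)),
    domBased: hasActiveContent(greetingMarkup(PROBE_URL, encode)),
  };
}
```

In a browser, assigning the value to `textContent` rather than `innerHTML` gives the DOM-based case the same protection without a manual encoding step.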
4. XSS EXPLOITATION ATTACKS

4.1. Android data vulnerability

The vulnerability explained here (Cannon 2013) exists in the Android 2.2 framework. It can be exploited to access files stored on the SD card of devices running Android. The Android browser does not prompt the user when downloading a file; for example, a file such as "payload.html" is downloaded automatically to /sdcard/download/payload.html. JavaScript can be used to open the "payload" file automatically, which causes the browser to render the local file and allows the script to access the SD card and the files stored on it. It can then send the contents of the accessed files back to the vulnerable website. The exploit simply uses JavaScript and redirects, and it can be used on many handsets and on different versions of Android. It does have some limitations: the name and path of the file to be accessed must be known in advance. Because it is not a root exploit, it cannot access all files, only those stored on the SD card.

4.2. Skype's improper URI scheme and embeddable Webkit browser on iOS

This vulnerability, as explained in (Kumar, 2011), (Purviance, 2011) and (iPhones Make Automatic Skype Calls | Security Generation, 2010), exists in the iOS framework. It can be exploited by an attacker to access the user's SQLite Address Book database and also to place calls directly using Skype. The Skype application developed for iOS uses a locally stored HTML file to display chat messages from other Skype users, but it fails to encode the "Full Name" of incoming users, which allows an attacker to run malicious JavaScript code when the victim views the message.

The issue here is that the exploit is carried out through the embedded Webkit browser. In addition, the Skype developers set the URI scheme for the embedded browser to "file://", which allows an attacker to access the file system and read any file that can be read by the iOS application sandbox.

In the future, third-party applications need to be restricted from performing actions specified by a URL, because such URIs allow web pages to embed an iframe that forces Skype to open (if it is installed) and call a specific number, for example <iframe src="skype://1900expensivepremiumnumber?call"></iframe>.

4.3. HTML5 API for cross domain calls

This vulnerability can only be exploited on Windows systems. HTML5 has two APIs for making cross-domain calls: Cross Origin Requests and WebSockets. Using them, JavaScript can open connections to any IP address and any port (apart from blocked ports), which makes them an ideal vehicle for port scanning attacks. The APIs can be abused to determine whether the ports being connected to are open, closed or filtered. This is done with the help of two properties: 'ready state', which gives the status of the connection at a given moment, and the 'time duration' for which each "readyState" value lasts.

By observing the differences in behaviour, the nature of the ports can therefore be determined. Because this is an application-level scan, its success also depends on the nature of the applications running on the target ports. When a request is sent to certain types of application, they read the request and stay silent while keeping the socket open, possibly waiting for more input or for input in a specific format. If the target is running such an application, its status cannot be determined. And even though closed ports can still be identified, the technique can be extended to perform network scanning as well as internal IP discovery.

4.4. HTML5 implementation of AJAX history

HTML5 has a feature that lets users visit different pages and links within a website without the URL changing. It is implemented with the help of the window.history.pushState() function. It was created so that AJAX websites can easily modify the window's address bar and manipulate the history. It is a great and convenient feature for developers: for example, AJAX applications can easily support the back and forward buttons without resorting to URI fragment identifiers (#). But it can also be abused on a website with an XSS vulnerability, because it lets an attacker redirect the user to any link without the URL in the address bar changing.

4.5. Access to the WScript ActiveX control in Internet Explorer

The security settings in Internet Explorer allow access to the WScript ActiveX control from scripting languages such as JavaScript and VBScript. Sample applications show how to use the ActiveX object "WScript.shell" to interact with the client machine. With that control, one can run commands just as at a command prompt without notifying the user. Using the shell one can also create, delete and modify text files through WScript.FileSystemObject. IE7 introduced a new security control called "Access data sources across domains", which is now set by default to prompt users whether they want to allow the script to talk to other domains (it treats the file system as a separate domain), but one can write a script file directly to disk and then run it, getting around the IE7 provisions.

4.6. File API in HTML5

This exploit currently works in Webkit (the latest Google Chrome) and can be abused to turn the Google Chrome browser into a file server. The File API in HTML5 allows JavaScript to access a file once it has been selected by the user (that is, before it is uploaded). Besides providing a better file upload experience, it can also be used maliciously, for example to steal the user's files in an XSS attack. With clever styling the input type=file control can be hidden so that the user has no idea that he is about to upload files. In this case only the files selected by the user in the 'Open File' dialog can be accessed. However, input type=directory is a feature that lets the user upload the contents of a selected directory, and so gives the attacker access to the whole directory.

4.7. XSS MAP

While collecting data for Google Street View, Google also collected data on the wireless networks in the vicinity and the MAC addresses of routers, and then mapped them to GPS coordinates. As shown in (Higgins, 2010), an XSS exploit can be used to map a user's location. The XSS exploit can obtain the MAC address of the target's router and then use Google Maps to determine the GPS coordinates. A malicious page that the user is visiting can run an XSS exploit and recover the user's GPS coordinates from Google Maps. Routers and web browsers do not themselves hold any geolocation or GPS data, and this is not IP-based geolocation. It works through a router XSS that obtains the router's MAC address via AJAX. The MAC address is then sent to the attacker, who passes it to Google's Location-Based Services, which can map the location (approximate GPS coordinates) of a user from that MAC address.

4.8. NAT PINNING - IRC Over HTTP

In this XSS attack, a web page forces the user's router or firewall, without its knowledge, to forward any port number back to the user's machine. When the victim clicks a vulnerable XSS URL that contains a hidden form connecting to http://attacker.com:6667 (the IRC port), the user submits the form without knowing it. An HTTP connection is made to the attacker's IRC server (a fake one), which simply listens. The victim's router sees an "IRC connection" (even though its client is speaking HTTP) and an attempt at a 'DCC Chat'. Direct Client-to-Client (DCC) is an IRC-related sub-protocol that allows files to be exchanged and non-relayed chats to be held by letting peers connect to each other, using an IRC server for the handshake signalling. DCC Chat requires a local port to be opened on the client, to which the remote side connects back. Because the router blocks all inbound connections, it decides to forward traffic for the DCC Chat port back to the victim's machine, allowing NAT traversal so that the attacker can connect back and chat with the victim. However, the attacker specifies the port. For example, with port 21 (FTP), the router forwards port 21 back to the victim's internal system. The attacker then has a clear path to connect to the victim on port 21 and launch an attack.

4.9. Browser Exploits

Anyone can exploit the browser application stack and execute shellcode or open a Meterpreter session by using memory errors in connection with an XSS vulnerability. Other exploits can also return a Meterpreter session without attacking the application stack directly. For example, a signed Java applet can be used to download malicious code and run an exe file.

5. XSS REMEDIATION MEASURES

In today's world web applications are widely used to provide all kinds of online services. At the same time, application vulnerabilities are being discovered and published at an alarming rate. In a world where web security can easily be breached, security becomes mandatory for protecting oneself against attacks. Various measures can be applied to avoid becoming a victim of XSS. Prevention mechanisms (XSS (Cross Site Scripting) Cheat Sheet - OWASP, 2013) can be implemented either on the server side or on the client side.

5.1. Server Side protection

To protect against XSS vulnerabilities, the following measures can be taken by the developer on the server side. The basic principle used here is not to trust input supplied by the user (including cookies). User input needs to be checked and validated before it is allowed through. Protection can be achieved by restricting the domains and paths that accept cookies, setting them as HttpOnly, using SSL and never storing confidential data in cookies. The use of scripts can also be safely disabled from client web pages.

Content Security Policy headers can also be used to protect against the exploitation of XSS vulnerabilities. In addition, HTML, JavaScript, CSS and URL control characters should be properly encoded to make them harmless before they are displayed in the browser. Use filters to sanitize user input: filter_sanitize_encoded (URL encoding), htmlentities (HTML filtering), filter_sanitize_magic_quotes (applies addslashes()). These filters keep a watch on user input, check for JavaScript or HTTP POST in the input and then prevent the scripts from being executed. Besides these measures, a number of security libraries are available for encoding user input, such as the OWASP Encoding Project available on Google Code, HTML filters or Htmlawed for PHP, the Anti-XSS Class and the AntiSamy API for .Net, or XSS-HTML-Filter for Java.

5.2. Endpoint Protection

Users can take steps to avoid becoming victims of cross-site scripting by installing various browser add-ons. These add-ons keep a watch on the various input fields (forms, URLs, etc.); if JavaScript or an HTTP POST is encountered, they apply XSS filters to stop the scripts from running. Examples of such add-ons include NoScript for Firefox and NotScripts for Chrome and Opera, while Internet Explorer 8 has them as a built-in feature.
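The cookie and Content Security Policy measures from section 5.1 can be checked mechanically on a server's responses. The following is an added example, not code from the article, that audits response headers for those measures and shows a weak configuration beside a corrected one. The function names, cookie names, the `example.test` domain and both sample responses are assumptions constructed for illustration.

```javascript
'use strict';

// Split one Set-Cookie value into its name and a map of lower-cased attributes.
function parseSetCookie(value) {
  const [pair, ...rest] = value.split(';').map((s) => s.trim()).filter(Boolean);
  const attrs = new Map();
  for (const item of rest) {
    const eq = item.indexOf('=');
    attrs.set((eq < 0 ? item : item.slice(0, eq)).toLowerCase(), eq < 0 ? '' : item.slice(eq + 1));
  }
  return { name: pair.split('=')[0], attrs };
}

// Check one cookie against the measures listed in section 5.1.
function auditCookie(value) {
  const { name, attrs } = parseSetCookie(value);
  const findings = [];
  if (!attrs.has('httponly')) findings.push(`${name}: no HttpOnly, readable from script`);
  if (!attrs.has('secure')) findings.push(`${name}: no Secure, sent without SSL/TLS`);
  if (attrs.has('domain')) findings.push(`${name}: Domain set, also sent to subdomains`);
  if (attrs.get('path') === '/') findings.push(`${name}: Path=/ covers the whole site`);
  return findings;
}

// Check the Content-Security-Policy: it must exist and must not re-allow inline script.
function auditCsp(policy) {
  if (!policy) return ['no Content-Security-Policy header'];
  const directives = new Map(
    policy.split(';').map((d) => d.trim().split(/\s+/)).filter((d) => d[0])
      .map(([name, ...sources]) => [name.toLowerCase(), sources]),
  );
  const scriptSrc = directives.get('script-src') || directives.get('default-src');
  if (!scriptSrc) return ['CSP does not restrict script sources'];
  return scriptSrc.includes("'unsafe-inline'") ? ["CSP allows 'unsafe-inline' script"] : [];
}

// headers: { 'set-cookie': [..], 'content-security-policy': '..' } with lower-cased names.
function auditResponse(headers) {
  const cookies = headers['set-cookie'] || [];
  return [...cookies.flatMap(auditCookie), ...auditCsp(headers['content-security-policy'])];
}

// Constructed responses: the weak configuration beside the corrected one.
const WEAK_RESPONSE = {
  'set-cookie': ['SESSIONID=abc123; Domain=example.test; Path=/'],
};
const HARDENED_RESPONSE = {
  'set-cookie': ['SESSIONID=abc123; Path=/account; HttpOnly; Secure'],
  'content-security-policy': "default-src 'self'; script-src 'self'; object-src 'none'",
};
```

Calling `auditResponse(WEAK_RESPONSE)` lists every missing protection, while `auditResponse(HARDENED_RESPONSE)` returns an empty list.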
6. CONCLUSION

Web applications have now become an indispensable part of our lives. But these websites often contain many vulnerabilities and are easy to attack. This article explores one of the most widespread vulnerabilities and shows how it is exploited. XSS is a predominant code injection attack that can form the basis of very powerful exploits. It can often be combined with other vulnerabilities to carry out more serious attacks. This paper discusses several common attacks. We list several tools for detecting XSS and exploiting XSS vulnerabilities, together with their main features. We also cover some of the latest XSS vulnerabilities and XSS attacks and explain the concepts behind them. Finally, we list several protection mechanisms that can be implemented on either the server or the client to protect against XSS attacks.

7. REFERENCES

1. http://santoshdudhade.blogspot.in/2012/07/xssf-v22-cross-site-scriptingframework.html

2. Abraham, A. (2012). Detecting and Exploiting XSS with Xenotix XSS Exploit Framework.

3. Cannon, T. (2013, November 23). Android Data Stealing Vulnerability | thomascannon.net

4. Cross-site Scripting (XSS) - OWASP. (n.d.). Retrieved February 2013, from www.owasp.org.

5. Kumar, M. (2011, September 20). iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook

About the author:

Nguyen Ngoc Quan

Born: 1985

Scientific background: Graduated from Saint Petersburg State Electrotechnical University in 2009, majoring in computer science.

Currently working in the Information Security R&D Group of the Institute of Information and Communication Technology (CDIT), Posts and Telecommunications Institute of Technology.

Current research areas: network infrastructure security, application security and cloud computing security.

Email: quannn@ptit.edu.vn
