WHERE 1=1<\/strong> l\u00e0 lu\u00f4n lu\u00f4n \u0111\u00fang.<\/p>\n\n\n\nV\u00ed d\u1ee5 tr\u00ean d\u01b0\u1eddng nh\u01b0 nguy hi\u1ec3m ph\u1ea3i kh\u00f4ng? \u0110i\u1ec1u g\u00ec x\u1ea3y ra n\u1ebfu b\u1ea3ng bao g\u1ed3m t\u00ean v\u00e0 m\u1eadt kh\u1ea9u?<\/p>\n\n\n\n
C\u00e2u l\u1ec7nh SQL tr\u00ean l\u00e0 t\u01b0\u01a1ng \u0111\u01b0\u01a1ng v\u1edbi:<\/p>\n\n\n\n
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1<\/code><\/pre>\n\n\n\nM\u1ed9t hacker th\u00f4ng minh c\u00f3 th\u1ec3 truy c\u1eadp t\u1ea5t c\u1ea3 t\u00ean ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u1eadt kh\u1ea9u trong c\u01a1 s\u1edf d\u1eef li\u1ec7u \u0111\u01a1n gi\u1ea3n b\u1eb1ng c\u00e1ch ch\u00e8n 105 or 1=1 v\u00e0o tr\u01b0\u1eddng nh\u1eadp li\u1ec7u.<\/p>\n\n\n\n
\n\n\n\n<\/span>SQL Injection d\u1ef1a tr\u00ean \"\"=\"\" l\u00e0 lu\u00f4n lu\u00f4n \u0110\u00fang<\/span><\/h2>\n\n\n\n\u0110\u00e2y l\u00e0 m\u1ed9t c\u1ea5u tr\u00fac th\u00f4ng th\u01b0\u1eddng, \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 x\u00e1c minh ng\u01b0\u1eddi d\u00f9ng \u0111\u0103ng nh\u1eadp v\u00e0o m\u1ed9t trang web:<\/p>\n\n\n\n
User Name:
<\/p>\n\n\n\n
Password:
<\/p>\n\n\n\n
M\u00e3 Server<\/h3>\n\n\n\nuName = getRequestString(\"UserName\");\nuPass = getRequestString(\"UserPass\"); sql = \"SELECT * FROM Users WHERE Name ='\" + uName + \"' AND Pass ='\" + uPass + \"'\"<\/code><\/pre>\n\n\n\nM\u1ed9t hacker th\u00f4ng minh c\u00f3 th\u1ec3 truy c\u1eadp t\u00ean ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u1eadt kh\u1ea9u trong c\u01a1 s\u1edf d\u1eef li\u1ec7u b\u1eb1ng c\u00e1ch \u0111\u01a1n gi\u1ea3n ch\u00e8n \" or \"\"=\" v\u00e0o \u00f4 t\u00ean ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c m\u1eadt kh\u1ea9u.<\/p>\n\n\n\n
\u0110o\u1ea1n code t\u1ea1i server s\u1ebd t\u1ea1o ra m\u1ed9t c\u00e2u l\u1ec7nh SQL h\u1ee3p l\u1ec7 gi\u1ed1ng nh\u01b0 th\u1ebf n\u00e0y:<\/p>\n\n\n\n
K\u1ebft qu\u1ea3<\/h3>\n\n\n\nSELECT * FROM Users WHERE Name =\"\" or \"\"=\"\" AND Pass =\"\" or \"\"=\"\"<\/code><\/pre>\n\n\n\nC\u00e2u l\u1ec7nh SQL l\u00e0 h\u1ee3p l\u1ec7. N\u00f3 s\u1ebd tr\u1ea3 v\u1ec1 t\u1ea5t c\u1ea3 c\u00e1c h\u00e0ng t\u1eeb b\u1ea3ng Users, v\u00ec WHERE \"\"=\"\" l\u00e0 lu\u00f4n lu\u00f4n \u0111\u00fang.<\/p>\n\n\n\n
\n\n\n\n<\/span>SQL Injection d\u1ef1a tr\u00ean c\u00e2u l\u1ec7nh SQL batched<\/span><\/h2>\n\n\n\nH\u1ea7u h\u1ebft c\u00e1c c\u01a1 s\u1edf d\u1eef li\u1ec7u h\u1ed7 tr\u1ee3 c\u00e2u l\u1ec7nh SQL batched, \u0111\u01b0\u1ee3c c\u00e1ch nhau b\u1eb1ng d\u1ea5u ch\u1ea5m ph\u1ea9y.<\/p>\n\n\n\n
V\u00ed d\u1ee5<\/h3>\n\n\n\nSELECT * FROM Users; DROP TABLE Suppliers<\/code><\/pre>\n\n\n\nC\u00e2u l\u1ec7nh SQL tr\u00ean s\u1ebd tr\u1ea3 v\u1ec1 t\u1ea5t c\u1ea3 c\u00e1c h\u00e0ng trong b\u1ea3ng Users, v\u00e0 sau \u0111\u00f3 xo\u00e1 b\u1ea3ng c\u00f3 t\u00ean l\u00e0 Suppliers.<\/p>\n\n\n\n
N\u1ebfu ch\u00fang ta c\u00f3 \u0111o\u1ea1n m\u00e3 server sau:<\/p>\n\n\n\n
Server Code<\/h3>\n\n\n\ntxtUserId = getRequestString(\"UserId\");\ntxtSQL = \"SELECT * FROM Users WHERE UserId = \" + txtUserId;<\/code><\/pre>\n\n\n\nV\u00e0 nh\u1eadp li\u1ec7u nh\u01b0 sau:<\/p>\n\n\n\n
User id:
<\/p>\n\n\n\n
\u0110o\u1ea1n code t\u1ea1i server s\u1ebd t\u1ea1o m\u1ed9t l\u1ec7nh SQL h\u1ee3p l\u1ec7 nh\u01b0 sau:<\/p>\n\n\n\n
K\u1ebft qu\u1ea3<\/h3>\n\n\n\nSELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers<\/code><\/pre>\n\n\n\n<\/span>C\u00e1c tham s\u1ed1 cho b\u1ea3o v\u1ec7<\/span><\/h2>\n\n\n\nM\u1ed9t s\u1ed1 nh\u00e0 ph\u00e1t tri\u1ec3n web s\u1eed d\u1ee5ng m\u1ed9t “danh s\u00e1ch \u0111en” c\u00e1c t\u1eeb ho\u1eb7c k\u00fd t\u1ef1 \u0111\u1ec3 t\u00ecm ki\u1ebfm khi nh\u1eadp trong SQL, nh\u1eb1m ng\u0103n c\u1ea3n c\u00e1c thao t\u00e1c t\u1ea5n c\u00f4ng c\u1ee7a SQL injection.<\/p>\n\n\n\n
\u0110\u00e2y kh\u00f4ng ph\u1ea3i l\u00e0 \u00fd t\u01b0\u1edfng qu\u00e1 t\u1ed1t. Nhi\u1ec1u t\u1eeb trong s\u1ed1 \u0111\u00f3 (nh\u01b0 delete ho\u1eb7c drop) v\u00e0 c\u00e1c k\u00fd t\u1ef1 (nh\u01b0 d\u1ea5u ch\u1ea5m ph\u1ea9y v\u00e0 d\u1ea5u ngo\u1eb7c k\u00e9p), l\u00e0 ng\u00f4n ng\u1eef th\u01b0\u1eddng d\u00f9ng, v\u00e0 ph\u1ea3i \u0111\u01b0\u1ee3c cho ph\u00e9p trong nhi\u1ec1u ki\u1ec3u nh\u1eadp li\u1ec7u.<\/p>\n\n\n\n
(Trong th\u1ef1c t\u1ebf n\u00f3 ph\u1ea3i l\u00e0 ho\u00e0n to\u00e0n h\u1ee3p l\u1ec7 \u0111\u1ec3 nh\u1eadp v\u00e0o m\u1ed9t c\u00e2u l\u1ec7nh SQL trong tr\u01b0\u1eddng c\u01a1 s\u1edf d\u1eef li\u1ec7u.)<\/p>\n\n\n\n
C\u00e1ch \u0111\u00e3 \u0111\u01b0\u1ee3c ch\u1ee9ng minh \u0111\u1ec3 b\u1ea3o v\u1ec7 m\u1ed9t trang web kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng SQL injection l\u00e0 s\u1eed d\u1ee5ng c\u00e1c tham s\u1ed1 SQL.<\/p>\n\n\n\n
C\u00e1c tham s\u1ed1 SQL l\u00e0 c\u00e1c gi\u00e1 tr\u1ecb \u0111\u01b0\u1ee3c th\u00eam v\u00e0o truy v\u1ea5n SQL t\u1ea1i th\u1eddi \u0111i\u1ec3m th\u1ef1c thi, theo m\u1ed9t c\u00e1ch c\u00f3 ki\u1ec3m so\u00e1t.<\/p>\n\n\n\n
V\u00ed d\u1ee5 ASP.NET Razor<\/h3>\n\n\n\ntxtUserId = getRequestString(\"UserId\");\ntxtSQL = \"SELECT * FROM Users WHERE UserId = @0\";\ndb.Execute(txtSQL,txtUserId);<\/code><\/pre>\n\n\n\nL\u01b0u \u00fd l\u00e0 tham s\u1ed1 \u0111\u1ea1i di\u1ec7n trong c\u00e2u l\u1ec7nh SQL b\u1edfi k\u00fd t\u1ef1 @.<\/p>\n\n\n\n
C\u00f4ng c\u1ee5 SQL ki\u1ec3m tra t\u1eebng tham s\u1ed1 \u0111\u1ec3 \u0111\u1ea3m b\u1ea3o r\u1eb1ng n\u00f3 \u0111\u00fang cho c\u1ed9t v\u00e0 \u0111\u01b0\u1ee3c x\u1eed l\u00fd nh\u01b0 d\u1eef li\u1ec7u theo ngh\u0129a \u0111en, kh\u00f4ng ph\u1ea3i nh\u01b0 m\u1ed9t ph\u1ea7n c\u1ee7a c\u00e2u l\u1ec7nh SQL \u0111\u01b0\u1ee3c th\u1ef1c thi.<\/p>\n\n\n\n
V\u00ed d\u1ee5 kh\u00e1c<\/h3>\n\n\n\ntxtNam = getRequestString(\"CustomerName\");\ntxtAdd = getRequestString(\"Address\");\ntxtCit = getRequestString(\"City\");\ntxtSQL = \"INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)\";\ndb.Execute(txtSQL,txtNam,txtAdd,txtCit);<\/code><\/pre>\n\n\n\nB\u1ea1n v\u1eeba \u0111\u01b0\u1ee3c h\u1ecdc \u0111\u1ec3 tr\u00e1nh SQL injection. M\u1ed9t trong nh\u1eefng l\u1ed7 h\u1ed5ng website h\u00e0ng \u0111\u1ea7u.<\/p>\n\n\n\n
<\/span>C\u00e1c v\u00ed d\u1ee5<\/span><\/h2>\n\n\n\nC\u00e1c v\u00ed d\u1ee5 d\u01b0\u1edbi \u0111\u00e2y hi\u1ec3n th\u1ecb c\u00e1ch l\u00e0m th\u1ebf n\u00e0o \u0111\u1ec3 x\u00e2y d\u1ef1ng c\u00e1c truy v\u1ea5n tham s\u1ed1 trong m\u1ed9t s\u1ed1 ng\u00f4n ng\u1eef l\u1eadp tr\u00ecnh web ph\u1ed5 bi\u1ebfn.<\/p>\n\n\n\n
SELECT STATEMENT IN ASP.NET:\ntxtUserId = getRequestString(\"UserId\");\nsql = \"SELECT * FROM Customers WHERE CustomerId = @0\";\ncommand = new SqlCommand(sql);\ncommand.Parameters.AddWithValue(\"@0\",txtUserID);\ncommand.ExecuteReader();<\/code><\/pre>\n\n\n\nINSERT INTO STATEMENT IN ASP.NET:\ntxtNam = getRequestString(\"CustomerName\");\ntxtAdd = getRequestString(\"Address\");\ntxtCit = getRequestString(\"City\");\ntxtSQL = \"INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)\";\ncommand = new SqlCommand(txtSQL);\ncommand.Parameters.AddWithValue(\"@0\",txtNam);\ncommand.Parameters.AddWithValue(\"@1\",txtAdd);\ncommand.Parameters.AddWithValue(\"@2\",txtCit);\ncommand.ExecuteNonQuery();<\/code><\/pre>\n\n\n\nINSERT INTO STATEMENT IN PHP:\n$stmt = $dbh->prepare(\"INSERT INTO Customers (CustomerName,Address,City)\nVALUES (:nam, :add, :cit)\");\n$stmt->bindParam(':nam', $txtNam);\n$stmt->bindParam(':add', $txtAdd);\n$stmt->bindParam(':cit', $txtCit);\n$stmt->execute();<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"SQL Injection c\u00f3 th\u1ec3 ph\u00e1 hu\u1ef7 c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n.\u00a0 SQL trong c\u00e1c trang web Trong c\u00e1c b\u00e0i tr\u01b0\u1edbc, b\u1ea1n \u0111\u00e3 h\u1ecdc c\u00e1ch l\u1ea5y (v\u00e0 c\u1eadp nh\u1eadt) c\u01a1 s\u1edf d\u1eef li\u1ec7u, s\u1eed d\u1ee5ng SQL. Khi SQL \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 hi\u1ec3n th\u1ecb d\u1eef li\u1ec7u tr\u00ean m\u1ed9t trang web, n\u00f3 th\u01b0\u1eddng cho ng\u01b0\u1eddi d\u00f9ng …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[239],"tags":[],"yoast_head":"\n
SQL Injection l\u00e0 g\u00ec? • Ki\u1ebfn c\u00e0ng<\/title>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n","yoast_head_json":{"title":"SQL Injection l\u00e0 g\u00ec? • Ki\u1ebfn c\u00e0ng","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kiencang.net\/sql-injection-la-gi\/","og_locale":"vi_VN","og_type":"article","og_title":"SQL Injection l\u00e0 g\u00ec? • Ki\u1ebfn c\u00e0ng","og_description":"SQL Injection c\u00f3 th\u1ec3 ph\u00e1 hu\u1ef7 c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n.\u00a0 SQL trong c\u00e1c trang web Trong c\u00e1c b\u00e0i tr\u01b0\u1edbc, b\u1ea1n \u0111\u00e3 h\u1ecdc c\u00e1ch l\u1ea5y (v\u00e0 c\u1eadp nh\u1eadt) c\u01a1 s\u1edf d\u1eef li\u1ec7u, s\u1eed d\u1ee5ng SQL. Khi SQL \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 hi\u1ec3n th\u1ecb d\u1eef li\u1ec7u tr\u00ean m\u1ed9t trang web, n\u00f3 th\u01b0\u1eddng cho ng\u01b0\u1eddi d\u00f9ng …","og_url":"https:\/\/kiencang.net\/sql-injection-la-gi\/","og_site_name":"Ki\u1ebfn c\u00e0ng","article_author":"https:\/\/www.facebook.com\/anhducnguyen87\/","article_published_time":"2016-07-27T03:24:02+00:00","author":"Nguy\u1ec5n \u0110\u1ee9c Anh","twitter_card":"summary_large_image","twitter_misc":{"\u0110\u01b0\u1ee3c vi\u1ebft b\u1edfi":"Nguy\u1ec5n \u0110\u1ee9c Anh","\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"5 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/kiencang.net\/sql-injection-la-gi\/","url":"https:\/\/kiencang.net\/sql-injection-la-gi\/","name":"SQL Injection l\u00e0 g\u00ec? 
• Ki\u1ebfn c\u00e0ng","isPartOf":{"@id":"https:\/\/kiencang.net\/#website"},"datePublished":"2016-07-27T03:24:02+00:00","dateModified":"2016-07-27T03:24:02+00:00","author":{"@id":"https:\/\/kiencang.net\/#\/schema\/person\/5e7e1a04d8d1218ad8c421ba43d25c16"},"breadcrumb":{"@id":"https:\/\/kiencang.net\/sql-injection-la-gi\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kiencang.net\/sql-injection-la-gi\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/kiencang.net\/sql-injection-la-gi\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kiencang.net\/"},{"@type":"ListItem","position":2,"name":"SQL Injection l\u00e0 g\u00ec?"}]},{"@type":"WebSite","@id":"https:\/\/kiencang.net\/#website","url":"https:\/\/kiencang.net\/","name":"Ki\u1ebfn c\u00e0ng","description":"\u00d4m l\u00fd thuy\u1ebft, h\u00f4n th\u1ef1c h\u00e0nh","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kiencang.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"vi"},{"@type":"Person","@id":"https:\/\/kiencang.net\/#\/schema\/person\/5e7e1a04d8d1218ad8c421ba43d25c16","name":"Nguy\u1ec5n \u0110\u1ee9c Anh","image":{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/kiencang.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6d71f9b89393952a8382e30dad26c1ec?s=96&d=monsterid&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6d71f9b89393952a8382e30dad26c1ec?s=96&d=monsterid&r=g","caption":"Nguy\u1ec5n \u0110\u1ee9c Anh"},"description":"Sinh n\u0103m 1987, t\u1ed1t nghi\u1ec7p Cao \u0111\u1eb3ng th\u1ef1c h\u00e0nh FPT qu\u00e3ng 2014, chuy\u00ean ng\u00e0nh Thi\u1ebft k\u1ebf website. T\u00f4i th\u00edch Content, SEO, Ads, T\u0103ng t\u1ed1c website v\u00e0 Th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed. 
B\u00ean c\u1ea1nh b\u00e0i t\u1ef1 vi\u1ebft, t\u00f4i c\u0169ng d\u1ecbch nhi\u1ec1u n\u1ed9i dung th\u00fa v\u1ecb c\u1ee7a c\u00e1c t\u00e1c gi\u1ea3 kh\u00e1c nhau. FB c\u00e1 nh\u00e2n: facebook.com\/anhducnguyen87. Email li\u00ean h\u1ec7: guiemailchotoi@gmail.com","sameAs":["https:\/\/www.facebook.com\/anhducnguyen87\/"],"url":"https:\/\/kiencang.net\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/posts\/3419"}],"collection":[{"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/comments?post=3419"}],"version-history":[{"count":0,"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/posts\/3419\/revisions"}],"wp:attachment":[{"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/media?parent=3419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/categories?post=3419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kiencang.net\/wp-json\/wp\/v2\/tags?post=3419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}