{"id":475904,"date":"2023-08-09T07:24:43","date_gmt":"2023-08-09T07:24:43","guid":{"rendered":""},"modified":"2023-09-05T11:11:32","modified_gmt":"2023-09-05T11:11:32","slug":"arbitrary-code-execution","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/arbitrary-code-execution\/","title":{"rendered":"Th\u1ef1c thi m\u00e3 t\u00f9y \u00fd"},"content":{"rendered":"

Gi\u1edbi thi\u1ec7u<\/h2>\n

Th\u1ef1c thi m\u00e3 t\u00f9y \u00fd (ACE) l\u00e0 m\u1ed9t l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng \u0111e d\u1ecda t\u00ednh to\u00e0n v\u1eb9n v\u00e0 b\u1ea3o m\u1eadt c\u1ee7a c\u00e1c \u1ee9ng d\u1ee5ng web. L\u1ed7 h\u1ed5ng c\u00f3 th\u1ec3 khai th\u00e1c n\u00e0y cho ph\u00e9p c\u00e1c c\u00e1 nh\u00e2n tr\u00e1i ph\u00e9p ch\u00e8n v\u00e0 th\u1ef1c thi m\u00e3 \u0111\u1ed9c tr\u00ean m\u1ed9t trang web \u0111\u01b0\u1ee3c nh\u1eafm m\u1ee5c ti\u00eau, b\u1ecf qua t\u1ea5t c\u1ea3 c\u00e1c bi\u1ec7n ph\u00e1p b\u1ea3o m\u1eadt do c\u00e1c nh\u00e0 ph\u00e1t tri\u1ec3n \u1ee9ng d\u1ee5ng \u0111\u01b0a ra. OneProxy (oneproxy.pro), nh\u00e0 cung c\u1ea5p m\u00e1y ch\u1ee7 proxy n\u1ed5i ti\u1ebfng, ph\u1ea3i \u0111\u1ed1i m\u1eb7t v\u1edbi th\u00e1ch th\u1ee9c b\u1ea3o v\u1ec7 c\u01a1 s\u1edf h\u1ea1 t\u1ea7ng v\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u1ed9c h\u1ea1i nh\u01b0 v\u1eady.<\/p>\n

Ngu\u1ed3n g\u1ed1c c\u1ee7a vi\u1ec7c th\u1ef1c thi m\u00e3 t\u00f9y \u00fd<\/h2>\n

Kh\u00e1i ni\u1ec7m th\u1ef1c thi m\u00e3 t\u00f9y \u00fd xu\u1ea5t hi\u1ec7n c\u00f9ng v\u1edbi s\u1ef1 ph\u00e1t tri\u1ec3n c\u1ee7a c\u00e1c \u1ee9ng d\u1ee5ng web. Nh\u1eefng \u0111\u1ec1 c\u1eadp s\u1edbm nh\u1ea5t v\u1ec1 ACE c\u00f3 t\u1eeb cu\u1ed1i nh\u1eefng n\u0103m 1990 v\u00e0 \u0111\u1ea7u nh\u1eefng n\u0103m 2000 khi vi\u1ec7c ph\u00e1t tri\u1ec3n web b\u1eaft \u0111\u1ea7u ph\u1ee5 thu\u1ed9c nhi\u1ec1u v\u00e0o vi\u1ec7c t\u1ea1o n\u1ed9i dung \u0111\u1ed9ng v\u00e0 c\u00e1c ng\u00f4n ng\u1eef k\u1ecbch b\u1ea3n ph\u00eda m\u00e1y ch\u1ee7. S\u1ef1 ph\u1ed5 bi\u1ebfn c\u1ee7a c\u00e1c c\u00f4ng ngh\u1ec7 nh\u01b0 PHP, JavaScript v\u00e0 SQL khi\u1ebfn c\u00e1c \u1ee9ng d\u1ee5ng web d\u1ec5 g\u1eb7p ph\u1ea3i c\u00e1c l\u1ed7 h\u1ed5ng ch\u00e8n m\u00e3 h\u01a1n, d\u1eabn \u0111\u1ebfn vi\u1ec7c ph\u00e1t hi\u1ec7n v\u00e0 nh\u1eadn th\u1ee9c v\u1ec1 ACE.<\/p>\n

Hi\u1ec3u vi\u1ec7c th\u1ef1c thi m\u00e3 t\u00f9y \u00fd<\/h2>\n

Th\u1ef1c thi m\u00e3 t\u00f9y \u00fd \u0111\u1ec1 c\u1eadp \u0111\u1ebfn kh\u1ea3 n\u0103ng k\u1ebb t\u1ea5n c\u00f4ng ch\u00e8n v\u00e0 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd tr\u00ean trang web ho\u1eb7c \u1ee9ng d\u1ee5ng web \u0111\u01b0\u1ee3c nh\u1eafm m\u1ee5c ti\u00eau. L\u1ed7 h\u1ed5ng n\u00e0y th\u01b0\u1eddng xu\u1ea5t ph\u00e1t t\u1eeb vi\u1ec7c x\u00e1c th\u1ef1c \u0111\u1ea7u v\u00e0o kh\u00f4ng \u0111\u1ea7y \u0111\u1ee7 v\u00e0 x\u1eed l\u00fd d\u1eef li\u1ec7u do ng\u01b0\u1eddi d\u00f9ng cung c\u1ea5p kh\u00f4ng \u0111\u00fang c\u00e1ch, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng ch\u00e8n c\u00e1c t\u1eadp l\u1ec7nh, l\u1ec7nh ho\u1eb7c \u0111o\u1ea1n m\u00e3 \u0111\u1ed9c h\u1ea1i v\u00e0o c\u00e1c ph\u1ea7n d\u1ec5 b\u1ecb t\u1ed5n th\u01b0\u01a1ng c\u1ee7a \u1ee9ng d\u1ee5ng web. Khi \u0111\u01b0\u1ee3c th\u1ef1c thi, m\u00e3 \u0111\u1ed9c n\u00e0y c\u00f3 th\u1ec3 d\u1eabn \u0111\u1ebfn m\u1ed9t lo\u1ea1t h\u1eadu qu\u1ea3 b\u1ea5t l\u1ee3i, bao g\u1ed3m \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u, truy c\u1eadp tr\u00e1i ph\u00e9p v\u00e0 x\u00e2m ph\u1ea1m ho\u00e0n to\u00e0n t\u00ednh b\u1ea3o m\u1eadt c\u1ee7a trang web.<\/p>\n

C\u1ea5u tr\u00fac b\u00ean trong v\u00e0 ho\u1ea1t \u0111\u1ed9ng c\u1ee7a vi\u1ec7c th\u1ef1c thi m\u00e3 t\u00f9y \u00fd<\/h2>\n

\u0110\u1ec3 khai th\u00e1c ACE, k\u1ebb t\u1ea5n c\u00f4ng th\u01b0\u1eddng t\u1eadn d\u1ee5ng c\u00e1c l\u1ed7 h\u1ed5ng web ph\u1ed5 bi\u1ebfn, ch\u1eb3ng h\u1ea1n nh\u01b0:<\/p>\n

    \n
  1. \n

    Ti\u00eam SQL<\/strong>: \u0110i\u1ec1u n\u00e0y x\u1ea3y ra khi k\u1ebb t\u1ea5n c\u00f4ng ti\u00eam m\u00e3 SQL \u0111\u1ed9c h\u1ea1i v\u00e0o c\u00e1c tr\u01b0\u1eddng nh\u1eadp c\u1ee7a \u1ee9ng d\u1ee5ng web, thao t\u00fang c\u01a1 s\u1edf d\u1eef li\u1ec7u v\u00e0 c\u00f3 kh\u1ea3 n\u0103ng gi\u00e0nh \u0111\u01b0\u1ee3c quy\u1ec1n truy c\u1eadp tr\u00e1i ph\u00e9p.<\/p>\n<\/li>\n

  2. \n

    T\u1eadp l\u1ec7nh ch\u00e9o trang (XSS)<\/strong>: Trong c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng XSS, c\u00e1c t\u1eadp l\u1ec7nh \u0111\u1ed9c h\u1ea1i \u0111\u01b0\u1ee3c \u0111\u01b0a v\u00e0o c\u00e1c trang web \u0111\u01b0\u1ee3c ng\u01b0\u1eddi d\u00f9ng kh\u00e1c xem, cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e1nh c\u1eafp cookie, chuy\u1ec3n h\u01b0\u1edbng ng\u01b0\u1eddi d\u00f9ng ho\u1eb7c th\u1ef1c hi\u1ec7n c\u00e1c h\u00e0nh \u0111\u1ed9ng thay m\u1eb7t h\u1ecd.<\/p>\n<\/li>\n

  3. \n

    Th\u1ef1c thi m\u00e3 t\u1eeb xa (RCE)<\/strong>: K\u1ebb t\u1ea5n c\u00f4ng khai th\u00e1c l\u1ed7 h\u1ed5ng trong t\u1eadp l\u1ec7nh ph\u00eda m\u00e1y ch\u1ee7 ho\u1eb7c qu\u00e1 tr\u00ecnh gi\u1ea3i tu\u1ea7n t\u1ef1 h\u00f3a kh\u00f4ng an to\u00e0n \u0111\u1ec3 th\u1ef1c thi m\u00e3 t\u00f9y \u00fd t\u1eeb xa tr\u00ean m\u00e1y ch\u1ee7 m\u1ee5c ti\u00eau.<\/p>\n<\/li>\n

  4. \n

    L\u1ed7 h\u1ed5ng bao g\u1ed3m t\u1ec7p<\/strong>: Lo\u1ea1i l\u1ed7 h\u1ed5ng n\u00e0y cho ph\u00e9p k\u1ebb t\u1ea5n c\u00f4ng \u0111\u01b0a c\u00e1c t\u1ec7p ho\u1eb7c t\u1eadp l\u1ec7nh t\u00f9y \u00fd v\u00e0o m\u00e1y ch\u1ee7, d\u1eabn \u0111\u1ebfn vi\u1ec7c th\u1ef1c thi m\u00e3.<\/p>\n<\/li>\n<\/ol>\n

    C\u00e1c t\u00ednh n\u0103ng ch\u00ednh c\u1ee7a vi\u1ec7c th\u1ef1c thi m\u00e3 t\u00f9y \u00fd<\/h2>\n

    C\u00e1c t\u00ednh n\u0103ng ch\u00ednh c\u1ee7a vi\u1ec7c th\u1ef1c thi m\u00e3 t\u00f9y \u00fd bao g\u1ed3m:<\/p>\n