{"id":477158,"date":"2023-08-09T09:08:09","date_gmt":"2023-08-09T09:08:09","guid":{"rendered":""},"modified":"2023-09-05T11:14:08","modified_gmt":"2023-09-05T11:14:08","slug":"expression-language-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/expression-language-injection\/","title":{"rendered":"Expression Language Injection"},"content":{"rendered":"<h2>Expression Language Injection<\/h2>\n<p>Expression Language Injection is a type of security vulnerability that occurs in web applications. It allows an attacker to execute arbitrary code or access sensitive information by injecting malicious expressions into the application's expression language framework. This type of attack is of particular concern to proxy server providers such as OneProxy (oneproxy.pro), because it can be used to bypass security controls and gain unauthorized access to resources.<\/p>\n<h2>History and first mention<\/h2>\n<p>The concept of Expression Language Injection emerged alongside the advent of dynamic web applications and the introduction of expression language frameworks. 
The earliest mentions of this vulnerability can be traced to the mid-2000s, when web developers began incorporating expression languages into their applications to enhance dynamic content generation.<\/p>\n<p>As web applications grew more complex, developers began using expression languages such as the JavaServer Pages (JSP) Expression Language (EL) and the Unified Expression Language (UEL) to manipulate data and generate dynamic content in web pages. However, this new power also brought hidden security risks.<\/p>\n<h2>Understanding Expression Language Injection<\/h2>\n<p>Expression Language Injection occurs when an attacker manages to insert malicious code or malicious expressions into a web application's input fields or parameters that are ultimately evaluated by the application's expression language framework. 
This lets them execute code in the context of the application, leading to a range of consequences such as unauthorized data access, privilege escalation, and even remote code execution.<\/p>\n<h2>Internal structure and how it works<\/h2>\n<p>The working principle of Expression Language Injection revolves around the following components:<\/p>\n<ol>\n<li>\n<p><strong>Expression language<\/strong>: Expression languages such as JSP EL and UEL are designed to evaluate dynamic expressions in web applications. They provide a way to access and manipulate objects and data stored in various scopes.<\/p>\n<\/li>\n<li>\n<p><strong>User input<\/strong>: The attacker injects malicious expressions through user-controlled input fields, such as forms, cookies, or HTTP headers.<\/p>\n<\/li>\n<li>\n<p><strong>Expression evaluation<\/strong>: The application's expression language framework processes the input and evaluates the injected expressions.<\/p>\n<\/li>\n<li>\n<p><strong>Code execution<\/strong>: If the input is not properly sanitized and validated, 
the malicious expressions are executed in the application's context, leading to unauthorized actions.<\/p>\n<\/li>\n<\/ol>\n<h2>Key features of Expression Language Injection<\/h2>\n<p>Expression Language Injection has several important characteristics, including:<\/p>\n<ul>\n<li>\n<p><strong>Context-dependent<\/strong>: The severity of the impact depends on the context in which the injection occurs. Some contexts may have restricted privileges, while others grant full access to system resources and sensitive data.<\/p>\n<\/li>\n<li>\n<p><strong>Data exposure<\/strong>: An attacker can access and manipulate data within the application, including databases, session information, and backend systems.<\/p>\n<\/li>\n<li>\n<p><strong>Code execution<\/strong>: The ability to execute arbitrary code allows an attacker to take control of the application or even the entire server system.<\/p>\n<\/li>\n<li>\n<p><strong>Chained exploitation<\/strong>: Expression Language Injection can be combined with other vulnerabilities to escalate privileges 
and achieve a more significant impact.<\/p>\n<\/li>\n<\/ul>\n<h2>Types of Expression Language Injection<\/h2>\n<p>Expression Language Injection can be classified into different types based on the underlying expression language and the context of the injection. Common types include:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>JSP Expression Language (EL) Injection<\/td>\n<td>Occurs in JavaServer Pages (JSP) applications where an attacker injects malicious expressions into JSP EL tags or attributes.<\/td>\n<\/tr>\n<tr>\n<td>Unified Expression Language (UEL) Injection<\/td>\n<td>Found in applications that use the Unified Expression Language (UEL), a superset of JSP EL. Attackers exploit input validation flaws to inject harmful expressions.<\/td>\n<\/tr>\n<tr>\n<td>Template Engine Injection<\/td>\n<td>Involves template engines where an attacker manipulates templated expressions to execute unintended code. 
This type is not limited to expression languages such as EL but also affects other template systems such as Thymeleaf, Freemarker, etc.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Uses, problems and solutions<\/h2>\n<p>Expression Language Injection can be used in a variety of ways:<\/p>\n<ol>\n<li>\n<p><strong>Data retrieval<\/strong>: Attackers can use EL Injection to access sensitive information, such as user credentials, personal data, or system configuration.<\/p>\n<\/li>\n<li>\n<p><strong>Command execution<\/strong>: By injecting malicious expressions, an attacker can execute system commands, potentially leading to remote code execution.<\/p>\n<\/li>\n<li>\n<p><strong>Security bypass<\/strong>: Expression Language Injection can be used to bypass access controls, authentication mechanisms, and other security measures.<\/p>\n<\/li>\n<\/ol>\n<p>To mitigate Expression Language Injection, developers and proxy server providers should consider the following solutions:<\/p>\n<ul>\n<li>\n<p><strong>Input validation<\/strong>: Validate and sanitize all user input to prevent malicious expressions from being injected.<\/p>\n<\/li>\n<li>\n<p><strong>Context-specific escaping<\/strong>: Properly escape and encode data according to the context in which it is used.<\/p>\n<\/li>\n<li>\n<p><strong>Principle of least privilege<\/strong>: Apply the principle of least privilege to restrict access to sensitive resources.<\/p>\n<\/li>\n<li>\n<p><strong>Security audits<\/strong>: Regular security audits and code reviews can help identify and address potential vulnerabilities.<\/p>\n<\/li>\n<\/ul>\n<h2>Comparison with similar terms<\/h2>\n<p>Below is a comparison of Expression Language Injection with similar terms:<\/p>\n<table>\n<thead>\n<tr>\n<th>Term<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SQL Injection<\/td>\n<td>Targets the application's database by injecting malicious SQL queries.<\/td>\n<\/tr>\n<tr>\n<td>Cross-Site Scripting (XSS)<\/td>\n<td>Injects malicious scripts into web pages 
viewed by other users.<\/td>\n<\/tr>\n<tr>\n<td>Command Injection<\/td>\n<td>Involves injecting and executing malicious system commands on the server.<\/td>\n<\/tr>\n<tr>\n<td>Server-Side Request Forgery (SSRF)<\/td>\n<td>Exploits the server to make requests to internal resources or other servers.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Perspectives and future technologies<\/h2>\n<p>As the technology landscape evolves, so do the tactics of cyber attackers. The future of Expression Language Injection is closely tied to advances in web application frameworks, languages, and security measures. Developers and proxy server providers will need to remain vigilant and adopt new technologies and best practices to counter evolving attacks.<\/p>\n<h2>Proxy servers and Expression Language Injection<\/h2>\n<p>Proxy servers, such as OneProxy, can play an important role in mitigating the risks associated with Expression Language Injection. 
By implementing various security mechanisms, such as request filtering, input validation, and traffic monitoring, proxy servers can act as a barrier between users and web applications. They can inspect and sanitize incoming requests before forwarding them to the application server, thereby reducing the likelihood of Expression Language Injection attacks.<\/p>\n<h2>Related links<\/h2>\n<p>For more information about Expression Language Injection and web application security, please refer to the following resources:<\/p>\n<ol>\n<li>OWASP Expression Language Injection: <a href=\"https:\/\/owasp.org\/www-community\/attacks\/Expression_Language_Injection\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/owasp.org\/www-community\/attacks\/Expression_Language_Injection<\/a><\/li>\n<li>SANS Institute \u2013 Common Web Application Vulnerabilities: <a href=\"https:\/\/www.sans.org\/blog\/top-5-web-application-vulnerabilities\/\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.sans.org\/blog\/top-5-web-application-vulnerabilities\/<\/a><\/li>\n<li>Oracle JavaServer Pages Specification: <a href=\"https:\/\/docs.oracle.com\/javaee\/5\/tutorial\/doc\/bnaph.html\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/docs.oracle.com\/javaee\/5\/tutorial\/doc\/bnaph.html<\/a><\/li>\n<li>Introduction to Unified Expression Language 
(UEL): <a href=\"https:\/\/www.oracle.com\/technical-resources\/articles\/java\/introduction-unified-expression-language.html\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.oracle.com\/technical-resources\/articles\/java\/introduction-unified-expression-language.html<\/a><\/li>\n<\/ol>\n<p>By following best practices and continually educating themselves about emerging threats, developers and proxy server providers can help protect their web applications and users from the dangers of Expression Language Injection.<\/p>","protected":false},"featured_media":477159,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477158","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Expression Language Injection: An Overview<\/mark>","faq_items":[{"question":"What is Expression Language Injection?","answer":"<p>Expression Language Injection is a type of security vulnerability found in web applications. It allows attackers to insert malicious code or expressions into the application's expression language framework, potentially leading to unauthorized access, data manipulation, or even remote code execution.<\/p>"},{"question":"How did Expression Language Injection originate?","answer":"<p>Expression Language Injection emerged with the rise of dynamic web applications and the adoption of expression languages like JSP EL and UEL. 
Its earliest mentions date back to the mid-2000s, when web developers started using these languages to enhance dynamic content generation.<\/p>"},{"question":"How does Expression Language Injection work?","answer":"<p>Attackers inject malicious expressions into input fields or parameters within the web application. The application's expression language framework processes these inputs and evaluates the injected expressions. If not properly validated, the malicious code executes within the application's context, granting unauthorized access or control.<\/p>"},{"question":"What are the key features of Expression Language Injection?","answer":"<p>Expression Language Injection's key features include its context-based impact, potential data exposure, code execution capabilities, and the possibility of combining it with other vulnerabilities for more significant impacts.<\/p>"},{"question":"What types of Expression Language Injection exist?","answer":"<p>There are several types of Expression Language Injection, such as JSP Expression Language (EL) Injection, Unified Expression Language (UEL) Injection, and Template Engine Injection.<\/p>"},{"question":"How can Expression Language Injection be used, and how can it be mitigated?","answer":"<p>Attackers can use Expression Language Injection for data retrieval, command execution, and security bypass. 
To mitigate this vulnerability, developers and proxy server providers should implement input validation, context-specific escaping, and adhere to the principle of least privilege.<\/p>"},{"question":"How does Expression Language Injection compare to similar terms like SQL Injection and Cross-Site Scripting (XSS)?","answer":"<p>Expression Language Injection differs from SQL Injection, XSS, and Command Injection in its specific focus on manipulating expression languages within web applications.<\/p>"},{"question":"What is the future outlook for Expression Language Injection?","answer":"<p>The future of Expression Language Injection is closely tied to advancements in web application frameworks and security measures. Developers and proxy server providers must stay vigilant and adopt new technologies and best practices to defend against evolving attacks.<\/p>"},{"question":"How can proxy servers like OneProxy help with Expression Language Injection?","answer":"<p>Proxy servers, like OneProxy, can act as a protective barrier for web applications by filtering and validating incoming requests, reducing the risk of Expression Language Injection attacks.<\/p>"},{"question":"Where can I find more information about Expression Language Injection?","answer":"<p>For further details on Expression Language Injection and web application security, refer to the following resources:<\/p><ol><li>OWASP Expression Language Injection: <a href=\"https:\/\/owasp.org\/www-community\/attacks\/Expression_Language_Injection\" target=\"_new\">https:\/\/owasp.org\/www-community\/attacks\/Expression_Language_Injection<\/a><\/li><li>SANS Institute - Common Web Application Vulnerabilities: <a href=\"https:\/\/www.sans.org\/blog\/top-5-web-application-vulnerabilities\/\" target=\"_new\">https:\/\/www.sans.org\/blog\/top-5-web-application-vulnerabilities\/<\/a><\/li><li>Oracle JavaServer Pages Specification: <a href=\"https:\/\/docs.oracle.com\/javaee\/5\/tutorial\/doc\/bnaph.html\" 
target=\"_new\">https:\/\/docs.oracle.com\/javaee\/5\/tutorial\/doc\/bnaph.html<\/a><\/li><li>Introduction to Unified Expression Language (UEL): <a href=\"https:\/\/www.oracle.com\/technical-resources\/articles\/java\/introduction-unified-expression-language.html\" target=\"_new\">https:\/\/www.oracle.com\/technical-resources\/articles\/java\/introduction-unified-expression-language.html<\/a><\/li><\/ol>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/477158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/477158\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media\/477159"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media?parent=477158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}