<h1>What is SQL Injection? The hidden danger behind every line of code</h1>

<p>Published 2025-09-25 at <a href="https://idc.metaserv.vn/en/2025/09/25/sql-injection-la-gi-va-cach-phong-chong/">idc.metaserv.vn</a></p>

<p>A company's website is a valuable asset, but it is also a prime target for attackers. One of the most dangerous and most common security vulnerabilities that any database-backed website can suffer from is <strong>SQL Injection</strong>.</p>

<p>So, <strong>what is SQL Injection</strong>?</p>

<p>It is an attack technique in which malicious SQL fragments are entered into a website's input fields (such as a login form or a search box). Instead of ordinary data, the attacker submits input that "tricks" the application into executing SQL statements it never intended to run, and through those statements reads, modifies or deletes data in the database.</p>

<h2><strong>How it works: when the website's "back door" is exploited</strong></h2>

<p>To make this concrete, consider a website with a login form. The application code builds an SQL statement to check the username and password it receives.</p>

<p><strong>The intended SQL statement:</strong> <code>SELECT * FROM users WHERE username = 'username_input' AND password = 'password_input'</code></p>

<p>If the attacker types the following into the "username" field: <code>' or 1=1 --</code></p>

<p>the statement that actually runs becomes: <code>SELECT * FROM users WHERE username = '' or 1=1 --' AND password = 'password_input'</code></p>

<p>In this new statement:</p>

<ul>
<li>The leading <code>'</code> closes the string literal early, and <code>or 1=1</code> makes the WHERE condition <strong>true</strong> for every row in the table, whatever the username.</li>

<li><code>--</code> starts an SQL comment, so the rest of the statement, including the password check, is ignored. (In MySQL the <code>--</code> marker only starts a comment when it is followed by a space, so a payload aimed at MySQL carries a trailing space after <code>--</code> or uses <code>#</code> instead.)</li>
</ul>

<p>The result is that the query returns rows even though no valid credentials were supplied, so the login check passes and the attacker is signed in without knowing any password; a typical login handler simply takes the first row returned.</p>
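The login bypass just described, run end to end as an added example (written for this edit, not code from the original post). It uses Python's built-in sqlite3 module with an in-memory table and two constructed accounts; the payload is the page's <code>' or 1=1 --</code>, and the same handler is then rebuilt on a prepared statement so the payload stops working. The function and table names are assumptions made for the demo.

```python
import sqlite3

# Constructed sample accounts for the demo (not from the original page).
# Passwords are stored in clear text only to keep the injection visible.
USERS = [
    ("admin", "S3cret!"),
    ("alice", "hunter2"),
]


def make_db() -> sqlite3.Connection:
    """In-memory users table so the demo runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """String concatenation: the pattern the article's login form uses.
    The input is pasted into the SQL text, so quotes and comment markers
    in it are interpreted as SQL rather than compared as data."""
    return (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """Returns the username the app would treat as logged in, or None.
    Like many real login handlers, it trusts the first row that comes back."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Prepared statement: the SQL text is fixed and the driver binds the
    inputs as values, so a quote or '--' in them is just text to compare."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # the article's payload
    print(build_vulnerable_query(payload, "guess"))
    print("vulnerable:", vulnerable_login(db, payload, "guess"))  # logged in
    print("vulnerable:", vulnerable_login(db, "admin' --", ""))  # picks admin
    print("safe:", safe_login(db, payload, "guess"))  # None
```

With the concatenated query, <code>' or 1=1 --</code> logs the attacker into whichever account the database returns first, and <code>admin' --</code> lets them choose the account outright, since the comment swallows the password clause. The parameterized version returns None for both: the bound string <code>' or 1=1 --</code> is simply a username that does not exist.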
<p>This is only a simple example; real <strong>SQL injection attacks</strong> can be far more complex and far more damaging.</p>

<h2><strong>Not just data loss: the unpredictable damage of SQL Injection</strong></h2>

<p>SQL Injection is not simply about stealing data. If it is not stopped, the vulnerability can lead to serious consequences:</p>

<ul>
<li><strong>Theft of sensitive data:</strong> customers' personal information, credit card data and the company's internal information can be extracted.</li>

<li><strong>Modification or deletion of data:</strong> the attacker can alter, delete or corrupt data, seriously disrupting business operations.</li>

<li><strong>Server takeover:</strong> in some cases, typically when the application's database account carries more privileges than it needs, the attacker can gain complete control of the database server and use it to install malware or for other illegal purposes.</li>

<li><strong>Loss of reputation:</strong> when customers discover that their data has leaked, their trust in the business is badly damaged.</li>
</ul>

<h2><strong>Preventing SQL Injection: protect your company's website today</strong></h2>

<p>To protect a website from the SQL Injection <strong>security vulnerability</strong>, developers and businesses need to apply proactive countermeasures.</p>

<ol>
<li><strong>Use prepared statements (parameterized queries):</strong> this is the most effective defence. It separates the SQL statement from the input data, guaranteeing that everything the user enters is handled as a value and never as part of the SQL statement.</li>

<li><strong>Validate and sanitize input:</strong> only accept data in the format the application expects (type, length, an allowlist of permitted values). Filtering or escaping special characters such as <code>' " ; --</code> is only a secondary layer: an injection into a numeric field, for instance, needs none of those characters, so validation complements parameterized queries rather than replacing them. It is, however, the right tool for the parts of a statement that cannot be parameterized, such as table and column names.</li>

<li><strong>Apply the principle of least privilege:</strong> grant the database account the application uses only the permissions it needs to do its job; never hand out administrative (admin) rights indiscriminately.</li>

<li><strong><a href="https://idc.metaserv.vn/en/waf-metaserv/">Use a Web Application Firewall (WAF):</a></strong> a WAF is an additional protective layer that detects and blocks SQL Injection attempts before they reach the web server. It complements fixing the code; it does not replace it.</li>

<li><strong>Keep software up to date:</strong> make sure the database management system, frameworks and programming libraries are always on the latest version so that known vulnerabilities are patched.</li>
</ol>

<h2><strong>Conclusion</strong></h2>

<p><strong>SQL Injection</strong> is a threat that must not be underestimated. It can cause serious consequences, from data loss to the complete collapse of a company's reputation. Proactively applying website security measures not only protects your assets but also builds solid trust with customers. Do not wait for an incident to happen; act today to protect your business and your users.</p>

<p>METASERV Co., Ltd.<br>Email: sales@metaserv.vn<br>Hotline: 096 308 7773 | 1800 558 820<br>Certification exams: 028 3933 8888<br>Address: 287B Điện Biên Phủ, Xuân Hòa Ward, Ho Chi Minh City<br>Fanpage: <a href="https://www.facebook.com/idc.metaserv.vn">IDC METASERV</a></p>
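The second countermeasure in the prevention list above, validate and sanitize input, is the one most often misapplied, so the following added example (written for this edit, not code from the original post or from METASERV) puts the literal advice, stripping <code>' " ; --</code>, up against an injection into a numeric field, where it fails, and then shows the checks that actually hold: type validation plus a bound parameter for the value, and an allowlist for a sort column, which cannot be bound as a parameter at all. It uses Python's built-in sqlite3 module; the table, accounts, column names and function names are constructed for the demo.

```python
import sqlite3

# Constructed sample accounts for the demo (not from the original page).
USERS = [
    (1, "admin", "admin@example.test"),
    (2, "alice", "alice@example.test"),
]

# Identifiers cannot be bound with '?', so the only safe way to let a caller
# choose a sort column is an allowlist of the names the app is willing to use.
SORTABLE_COLUMNS = frozenset({"id", "username", "email"})


def make_db() -> sqlite3.Connection:
    """In-memory users table so the demo runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def strip_dangerous_chars(value: str) -> str:
    """The 'filter out special characters' advice taken literally:
    remove the quote, double quote, semicolon and comment marker."""
    for bad in ("--", "'", '"', ";"):
        value = value.replace(bad, "")
    return value


def email_by_id_sanitized_only(conn: sqlite3.Connection, user_id: str) -> list:
    """Numeric context with character filtering as the only defence.
    Still injectable: '2 OR 1=1' contains none of the filtered characters,
    and without quotes around the value there is nothing to 'break out' of."""
    cleaned = strip_dangerous_chars(user_id)
    rows = conn.execute("SELECT email FROM users WHERE id = " + cleaned).fetchall()
    return [r[0] for r in rows]


def email_by_id(conn: sqlite3.Connection, user_id: str) -> list:
    """Validate the shape first (digits only), then bind the value."""
    if not user_id.isdigit():
        raise ValueError("user id must be a non-negative integer")
    rows = conn.execute(
        "SELECT email FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()
    return [r[0] for r in rows]


def usernames_sorted_by(conn: sqlite3.Connection, sort_column: str) -> list:
    """Allowlist check before the identifier is interpolated into the SQL.
    Anything not in SORTABLE_COLUMNS is rejected, so a value such as
    'username; DROP TABLE users' never reaches the database."""
    if sort_column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    rows = conn.execute(
        f"SELECT username FROM users ORDER BY {sort_column}"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print(email_by_id_sanitized_only(db, "2"))  # ['alice@example.test']
    print(email_by_id_sanitized_only(db, "2 OR 1=1"))  # both rows leak
    print(email_by_id(db, "2"))  # ['alice@example.test']
    for fn, arg in ((email_by_id, "2 OR 1=1"),
                    (usernames_sorted_by, "username; DROP TABLE users")):
        try:
            fn(db, arg)
        except ValueError as exc:
            print("rejected:", exc)
```

With a bound parameter the numeric lookup is safe even without the <code>isdigit</code> check; the check is still worth keeping because it turns garbage into a clear error instead of a silently empty result. For the sort column the allowlist is the defence, not a convenience: there is no parameter form for an identifier, so anything not on the list must be refused before it touches the SQL text.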