Back to Question Center
0

Semalt: Indlela Yokukhusela I-Site Yakho Kusuka kwiSpring-Site Scripting

1 answers:

Uninzi lwentsebenziswano ye-intanethi ludityaniswe. Phantse wonke umntu ophethe iwebhusayithiixesha elingaphezu konyaka liye okanye liza kuthatha inzame yokuzama. Olu khuselo lubeka abantu abaninzi abasengozini. Blogger kunye nabanikazize-e-commerce zewebhusayithi kufuneka ziqaphele ezi zihlaselo kunye nokulungisa ezinye iimpazamo zokubhala, ezibangelwa le mizamo yokukhawuleza.Uninzi lwezinto ezikhuselekileyo zokhuseleko lwe-cyber zibandakanya abahlaseli bazama ukufumana ukungena ngemvume okungagunyazisiweyo kwiiwebhusayithi kwaye bafumane ukufikelela kwiinkcukacha ezininziulwazi, uninzi lwalo lubhekiselele kwiinkcukacha zabaxhasi njengolwazi lwekhadi lesikweletu. Abanye abahlaseli bangenza izenzo ezingekho mthethweninjengokudiliza i-website okanye ukuzisa iindlela zokuncintisana ngokungalunganga kwi-platform ye-e-yorhwebo.

Esinye sezihlaselo ze-web ukusasazwa kweSatifikethi (Cross-site Scripting) (XSS)hlaselwa. Le nkathalo ibandakanya ukuhlaselwa kwekhowudi yecala yomxhasi, okujolise ekusebenzeni izikripthi kwiwebhusayithi okanye kwisicelo sewebhu esisebenzisalombhalo othe ngqo. Ikhowudi yokuhlawula inkohlakalo yenza imisebenzi eyahlukeneyo kumzimba wekhowudi kwakunye nokwenza isiphequluli sexhoba ithumeleiikhowudi kwindawo engaziwayo eyimfihlo eyaziwayo kwi-hacker.

I-Artem Abgarian, uMphathi oyiMatriki oPhumeleleyo iSemalt ,unikezela ngqalelo indlela eyahlukileyo ngayo indlela le script esebenza ngayo kunye nendlela yokukhusela iwebhusayithi yakho kule hlaselo:

Ukuhlaselwa kweSkripthi yeSiphelo (XSS) sokuhlasela

Ukuhlaselwa kukubandakanya ukwenza ixhoba nqakraza iqhagamshelo eliqhuba iskripthi ukuze udibaniseezininzi izikhangeli. Le ndlela ingasebenzisa ezinye iindlela ezifana neVBScript, ActiveX, kunye ne-Flash, kodwa iJavascript iyinto eqhelekileyo ngenxa yexeshaukusetyenziswa kwezicelo ezininzi zewebhu. Olu hlaselo lubandakanya i-hacker eqondisa ukuhlaselwa kwamaphepha angenayo. Le nkqubo ibandakanya ukujovaumrhumo wokuhlawula kwisiphequluli sexhoba ngokuchofoza unxibelelwano olubi. Eli nqanaba liquka ukuhlaselwa kwezigameko ezininzi kunye ne-PTCukuhlawula kunye nokutshintshwa kweemikhankaso.

Iingongelo ezinokwenzeka

NgeJavaScript, umhlaseli unokukwazi ukuthumela nokufumana izicelo ze-HTTPS. II-hacker nayo iyakwazi ukufumana iiphasiwedi kunye nokungena ngemvume kwi-user-users, ingakumbi xa zikhupha i-browser. OkuI-hick ingenza umntu alahlekelwe yonke idatha ebalulekileyo kwiwebhusayithi kunye nokukhuthaza ukuhlaselwa kobuqhetseba njengendawo yomsebenzisi, idilesi ye-IP,imakrofoni, i-webcam kunye nezinye izihlaselo ezizalwe kwi-SQL injection.

Kwezinye iimeko, ukuhlaselwa kweSpring-site Script (XSS) kunokuhlawula umkhangeli we-browserikhukhi. I-XSS yinkqubo yobunjineli obuyinkimbinkimbi, kwaye inokwenza isiphequluli ibe ngumgca ocacileyo. Ngenxa yoko, kufuneka ufunekwezinye izixhobo zokuyila kwiwebhusayithi yakho ukukhusela i-XSS.

Isiphetho

Naliphi na indawo ye-e-yorhwebo, kubalulekile ukukhusela isayithi yakho ngokubhekiselele kwiindawo ezinjalonjenge-Cross-site Scripting (XSS). Oku kuxhaphaza kukuhlaselwa kwekhowudi yecala yomxhasi, okwenza ukuba i-website ibe yintsholongwane kodwakwakhona umsebenzisi wokugqibela. I-hacker ingakwazi ukuqhuba iskripthi kwiseva, enokubenza bakwazi ukufikelela kwiinkcukacha zabucala. Ezinye iindlelaUkuthintela ukuhlaselwa kwesiXeko seSiphambano (XSS) silapha kwesi sikhokelo. Unokwazi ukwenza iwebhusayithi yakho iphephile kwi-XSSukuhlaselwa kunye nokukhusela ukhuseleko lwabaxhasi bakho kwibahlaseli.

November 28, 2017
Semalt: Indlela Yokukhusela I-Site Yakho Kusuka kwiSpring-Site Scripting
Reply