{"id":139657,"date":"2025-10-31T19:05:50","date_gmt":"2025-10-31T16:05:50","guid":{"rendered":"https:\/\/aiacademy.info\/blog\/?p=139657"},"modified":"2025-10-31T19:05:50","modified_gmt":"2025-10-31T16:05:50","slug":"%d9%83%d9%88%d8%af-%d8%a2%d9%85%d9%86","status":"publish","type":"post","link":"https:\/\/aiacademy.info\/blog\/%d9%83%d9%88%d8%af-%d8%a2%d9%85%d9%86\/","title":{"rendered":"\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c: \u0643\u064a\u0641 \u062a\u0643\u062a\u0628 \u0643\u0648\u062f \u0622\u0645\u0646 \u0648\u062a\u062d\u0645\u064a \u062a\u0637\u0628\u064a\u0642\u0643\u061f"},"content":{"rendered":"

\u062f\u0644\u064a\u0644 \u0627\u0644\u0645\u0628\u0631\u0645\u062c: \u0643\u064a\u0641 \u062a\u0643\u062a\u0628 \u0643\u0648\u062f \u0622\u0645\u0646 \u0648\u062a\u062d\u0645\u064a \u062a\u0637\u0628\u064a\u0642\u0643\u061f<\/p>\n

\"\u0643\u0648\u062f<\/p>\n

\u0641\u064a \u0639\u0627\u0644\u0645 \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0627\u0644\u064a\u0648\u0645\u060c \u0644\u0645 \u064a\u0639\u062f \u0643\u062a\u0627\u0628\u0629 \u0643\u0648\u062f \u0648\u0638\u064a\u0641\u064a \u0647\u0648 \u0627\u0644\u0647\u062f\u0641 \u0627\u0644\u0648\u062d\u064a\u062f. \u0628\u0644 \u064a\u062c\u0628 \u0639\u0644\u0649 \u0643\u0644 \u0645\u0628\u0631\u0645\u062c \u0623\u0646 \u064a\u062f\u0631\u0643 \u0623\u0646 \u0627\u0644\u0623\u0645\u0646 \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a \u0647\u0648 \u062c\u0632\u0621 \u0623\u0633\u0627\u0633\u064a \u0645\u0646 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062a\u0637\u0648\u064a\u0631. \u0643\u062a\u0627\u0628\u0629 \u0643\u0648\u062f \u0622\u0645\u0646 \u064a\u0639\u0646\u064a \u062d\u0645\u0627\u064a\u0629 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u064a\u0646\u060c \u0648\u0627\u0644\u0633\u0645\u0639\u0629\u060c \u0648\u062d\u062a\u0649 \u062a\u062c\u0646\u0628 \u062e\u0633\u0627\u0626\u0631 \u0645\u0627\u0644\u064a\u0629 \u0641\u0627\u062f\u062d\u0629.<\/p>\n

\u0647\u0630\u0627 \u0627\u0644\u0645\u0642\u0627\u0644 \u0628\u0645\u062b\u0627\u0628\u0629 \u062f\u0644\u064a\u0644 \u0639\u0645\u0644\u064a \u064a\u0631\u0643\u0632 \u0639\u0644\u0649 \u0623\u0634\u0647\u0631 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062a\u064a \u064a\u0645\u0643\u0646 \u0623\u0646 \u064a\u062a\u0639\u0631\u0636 \u0644\u0647\u0627 \u0623\u064a \u062a\u0637\u0628\u064a\u0642\u060c \u0648\u0643\u064a\u0641 \u064a\u0645\u0643\u0646\u0643 \u0643\u0645\u0628\u0631\u0645\u062c \u0623\u0646 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643 \u0648\u062a\u0637\u0628\u064a\u0642\u0643 \u0645\u0646\u0647\u0627.<\/p>\n

1. \u062d\u0642\u0646 SQL (SQL Injection)<\/h2>\n

\u062a\u0639\u062a\u0628\u0631 \u0647\u062c\u0645\u0627\u062a \u062d\u0642\u0646 SQL \u0645\u0646 \u0623\u0642\u062f\u0645 \u0648\u0623\u062e\u0637\u0631 \u0627\u0644\u062b\u063a\u0631\u0627\u062a. \u062a\u062d\u062f\u062b \u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 \u0623\u0648 “\u062d\u0642\u0646” \u0623\u0648\u0627\u0645\u0631 SQL \u062e\u0628\u064a\u062b\u0629 \u0641\u064a \u062d\u0642\u0644 \u0625\u062f\u062e\u0627\u0644 (\u0645\u062b\u0644 \u062d\u0642\u0644 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644 \u0623\u0648 \u0627\u0644\u0628\u062d\u062b)\u060c \u0645\u0645\u0627 \u064a\u062c\u0628\u0631 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0644\u0645 \u062a\u0643\u0646 \u0645\u0642\u0635\u0648\u062f\u0629.<\/p>\n

\u0643\u064a\u0641 \u062a\u062d\u062f\u062b \u0627\u0644\u062b\u063a\u0631\u0629\u061f<\/h3>\n

\u0644\u0646\u0641\u062a\u0631\u0636 \u0623\u0646 \u0644\u062f\u064a\u0643 \u0643\u0648\u062f\u064b\u0627 \u063a\u064a\u0631 \u0622\u0645\u0646 \u0641\u064a \u0644\u063a\u0629 PHP \u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a:<\/p>\n

\/\/ \u0643\u0648\u062f \u063a\u064a\u0631 \u0622\u0645\u0646\r\n\/\/ \u0644\u0627 \u062a\u0642\u0645 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645\u0647!\r\n$username = $_POST['username'];\r\n$password = $_POST['password'];\r\n\r\n$sql = \"SELECT * FROM users WHERE username = '$username' AND password = '$password'\";\r\n$result = $conn->query($sql);\r\n\r\nif ($result->num_rows > 0) {\r\n    \/\/ \u062a\u0633\u062c\u064a\u0644 \u062f\u062e\u0648\u0644 \u0646\u0627\u062c\u062d\r\n}<\/code><\/pre>\n
\u0625\u0630\u0627 \u0642\u0627\u0645 \u0645\u0647\u0627\u062c\u0645 \u0628\u0625\u062f\u062e\u0627\u0644 admin'--<\/code> \u0641\u064a \u062d\u0642\u0644 \u0627\u0633\u0645 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0648\u062a\u0631\u0643 \u062d\u0642\u0644 \u0643\u0644\u0645\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0641\u0627\u0631\u063a\u064b\u0627\u060c \u0641\u0625\u0646 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0633\u064a\u062a\u062d\u0648\u0644 \u0625\u0644\u0649:<\/p>\n
SELECT * FROM users WHERE username = 'admin'--' AND password = ''<\/code><\/pre>\n
\u0627\u0644\u0631\u0645\u0632 --<\/code> \u0647\u0648 \u062a\u0639\u0644\u064a\u0642 \u0641\u064a SQL\u060c \u0645\u0645\u0627 \u064a\u0639\u0646\u064a \u0623\u0646 \u0628\u0642\u064a\u0629 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645 \u0633\u064a\u062a\u0645 \u062a\u062c\u0627\u0647\u0644\u0647\u060c \u0648\u0633\u064a\u062a\u0645\u0643\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0645\u0646 \u0627\u0644\u062f\u062e\u0648\u0644 \u0643\u0645\u062f\u064a\u0631 (admin) \u062f\u0648\u0646 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u0643\u0644\u0645\u0629 \u0645\u0631\u0648\u0631 \u0635\u062d\u064a\u062d\u0629.<\/p>\n
\u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643\u061f<\/h3>\n
\u0627\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0627\u0644\u0645\u0639\u062f\u0629 (Prepared Statements) \u0623\u0648 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0627\u0644\u0645\u064f\u0639\u0627\u0645\u0644\u0629 (Parameterized Queries). \u0647\u0630\u0647 \u0627\u0644\u0637\u0631\u064a\u0642\u0629 \u062a\u0641\u0635\u0644 \u0628\u064a\u0646 \u0627\u0644\u0643\u0648\u062f \u0648\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u0639 \u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062e\u0628\u064a\u062b\u0629.<\/p>\n
\u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0643\u0648\u062f \u0622\u0645\u0646 \u0641\u064a PHP:<\/p>\n
\/\/ \u0643\u0648\u062f \u0622\u0645\u0646 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0644\u0627\u0633\u062a\u0639\u0644\u0627\u0645\u0627\u062a \u0627\u0644\u0645\u064f\u0639\u062f\u0629\r\n$stmt = $conn->prepare(\"SELECT * FROM users WHERE username = ? AND password = ?\");\r\n$stmt->bind_param(\"ss\", $_POST['username'], $_POST['password']);\r\n$stmt->execute();\r\n$result = $stmt->get_result();\r\n\r\nif ($result->num_rows > 0) {\r\n    \/\/ \u062a\u0633\u062c\u064a\u0644 \u062f\u062e\u0648\u0644 \u0646\u0627\u062c\u062d \u0648\u0622\u0645\u0646\r\n} else {\r\n    \/\/ \u0641\u0634\u0644 \u062a\u0633\u062c\u064a\u0644 \u0627\u0644\u062f\u062e\u0648\u0644\r\n}<\/code><\/pre>\n
2. \u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u0629 \u0639\u0628\u0631 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (Cross-Site Scripting – XSS)<\/h2>\n
\u062a\u062d\u062f\u062b \u062b\u063a\u0631\u0629 XSS \u0639\u0646\u062f\u0645\u0627 \u064a\u0642\u0648\u0645 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u062d\u0642\u0646 \u0643\u0648\u062f JavaScript \u062e\u0628\u064a\u062b \u0641\u064a \u0645\u0648\u0642\u0639\u0643. \u0639\u0646\u062f\u0645\u0627 \u064a\u0632\u0648\u0631 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u0648\u0642\u0639\u060c \u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630 \u0647\u0630\u0627 \u0627\u0644\u0643\u0648\u062f \u0641\u064a \u0645\u062a\u0635\u0641\u062d\u0647\u060c \u0645\u0645\u0627 \u0642\u062f \u064a\u0633\u0645\u062d \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0628\u0633\u0631\u0642\u0629 \u0645\u0644\u0641\u0627\u062a \u062a\u0639\u0631\u064a\u0641 \u0627\u0644\u0627\u0631\u062a\u0628\u0627\u0637 (cookies)\u060c \u0623\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u062c\u0644\u0633\u0629 (session data)\u060c \u0623\u0648 \u062d\u062a\u0649 \u0625\u0639\u0627\u062f\u0629 \u062a\u0648\u062c\u064a\u0647 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0625\u0644\u0649 \u0645\u0648\u0642\u0639 \u0622\u062e\u0631.<\/p>\n
\u0623\u0646\u0648\u0627\u0639 \u0647\u062c\u0645\u0627\u062a XSS<\/h3>\n
    \n
  • XSS \u0627\u0644\u0645\u0646\u0639\u0643\u0633\u0629 (Reflected XSS): \u064a\u062a\u0645 \u062d\u0642\u0646 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b \u0641\u064a \u0631\u0627\u0628\u0637 URL \u0648\u064a\u0639\u0648\u062f \u0645\u0628\u0627\u0634\u0631\u0629 \u0641\u064a \u0627\u0633\u062a\u062c\u0627\u0628\u0629 \u0627\u0644\u062e\u0627\u062f\u0645.<\/li>\n
  • XSS \u0627\u0644\u0645\u062e\u0632\u0646\u0629 (Stored XSS): \u064a\u062a\u0645 \u062a\u062e\u0632\u064a\u0646 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b \u0628\u0634\u0643\u0644 \u062f\u0627\u0626\u0645 \u0641\u064a \u0642\u0627\u0639\u062f\u0629 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a (\u0645\u062b\u0644 \u062a\u0639\u0644\u064a\u0642 \u0641\u064a \u0645\u062f\u0648\u0646\u0629)\u060c \u0648\u064a\u062a\u0645 \u062a\u0646\u0641\u064a\u0630\u0647 \u0641\u064a \u0643\u0644 \u0645\u0631\u0629 \u064a\u0632\u0648\u0631 \u0641\u064a\u0647\u0627 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0635\u0641\u062d\u0629.<\/li>\n
  • XSS \u0627\u0644\u0645\u0633\u062a\u0646\u062f\u0629 \u0625\u0644\u0649 DOM (DOM-based XSS): \u062a\u062d\u062f\u062b \u0639\u0646\u062f\u0645\u0627 \u064a\u062a\u0645 \u062d\u0642\u0646 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u062e\u0628\u064a\u062b \u0648\u062a\u0639\u062f\u064a\u0644 \u0634\u062c\u0631\u0629 DOM \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u0635\u0641\u062d\u0629 \u0645\u0646 \u0642\u0628\u0644 \u0643\u0648\u062f JavaScript \u0627\u0644\u0639\u0627\u062f\u064a \u062f\u0648\u0646 \u062a\u062f\u062e\u0644 \u0645\u0646 \u0627\u0644\u062e\u0627\u062f\u0645.<\/li>\n<\/ul>\n
    \u0643\u064a\u0641 \u062a\u062d\u0645\u064a \u0646\u0641\u0633\u0643\u061f<\/h3>\n
    \u0642\u0645 \u062f\u0627\u0626\u0645\u064b\u0627 \u0628\u062a\u0639\u0642\u064a\u0645 (Sanitize) \u0623\u0648 \u062a\u0631\u0645\u064a\u0632 (Encode) \u0623\u064a \u0628\u064a\u0627\u0646\u0627\u062a \u0642\u0627\u062f\u0645\u0629 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0642\u0628\u0644 \u0639\u0631\u0636\u0647\u0627. \u0647\u0630\u0627 \u064a\u062d\u0648\u0644 \u0627\u0644\u0631\u0645\u0648\u0632 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u062e\u0627\u0635\u0629 \u0625\u0644\u0649 \u0646\u0635\u0648\u0635 \u0639\u0627\u062f\u064a\u0629 \u0644\u0627 \u064a\u0645\u0643\u0646 \u062a\u0646\u0641\u064a\u0630\u0647\u0627.<\/p>\n
    \u0645\u062b\u0627\u0644 \u0639\u0644\u0649 \u0643\u0648\u062f \u0622\u0645\u0646 \u0641\u064a JavaScript:<\/p>\n
    \/\/ \u0643\u0648\u062f \u0622\u0645\u0646 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 textContent \u0628\u062f\u0644\u0627\u064b \u0645\u0646 innerHTML\r\n\/\/ \u0647\u0630\u0627 \u064a\u0645\u0646\u0639 \u062a\u0646\u0641\u064a\u0630 \u0623\u064a \u0643\u0648\u062f JavaScript \u0645\u062d\u0642\u0648\u0646\r\nconst userInput = \"