Nothing Special   »   [go: up one dir, main page]

CN109067717B - Method and device for detecting SQL injection vulnerability - Google Patents

Method and device for detecting SQL injection vulnerability Download PDF

Info

Publication number
CN109067717B
CN109067717B CN201810805791.3A CN201810805791A CN109067717B CN 109067717 B CN109067717 B CN 109067717B CN 201810805791 A CN201810805791 A CN 201810805791A CN 109067717 B CN109067717 B CN 109067717B
Authority
CN
China
Prior art keywords
sql statement
injection
sql
determining
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810805791.3A
Other languages
Chinese (zh)
Other versions
CN109067717A (en
Inventor
李宇欣
赵培源
朱利军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Clover Cyber Technology Co ltd
Original Assignee
Xi'an Clover Cyber Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Clover Cyber Technology Co ltd filed Critical Xi'an Clover Cyber Technology Co ltd
Priority to CN201810805791.3A priority Critical patent/CN109067717B/en
Publication of CN109067717A publication Critical patent/CN109067717A/en
Application granted granted Critical
Publication of CN109067717B publication Critical patent/CN109067717B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method and a device for detecting SQL injection vulnerability, and relates to the technical field of network security. The problem of high missing report or false report rate of SQL injection detection can be solved. The specific technical scheme is as follows: determining an injection environment of an SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement; generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful; sending the payload of the SQL statement to a server and receiving feedback information sent by the server; and when the feedback information contains the preset characters, determining that the server has a bug. The invention content disclosed by the invention can improve the accuracy and the nondestructive property of detecting the SQL injection vulnerability.

Description

Method and device for detecting SQL injection vulnerability
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for detecting SQL injection vulnerabilities.
Background
Structured Query Language (SQL) injection is a common vulnerability in web application security and is one of the common means for hackers to attack databases. In a web application with SQL injection, an attacker can exploit the code defects of the web application to fool a server into executing an inserted malicious SQL command by inserting the SQL command into any application parameter value that can affect a database query, thereby obtaining sensitive information of the web application and even controlling the entire server of the web application. With the development of B/S mode application development, more and more programmers write application programs by using the mode. However, since the level and experience of programmers are also uneven, a considerable number of programmers do not judge the legality of data input by a user when writing codes, and thus potential safety hazards exist in application programs. For example, some malicious attackers may submit a section of database query code and obtain illegal data according to the result returned by the program. Most of the existing methods for detecting SQL injection vulnerabilities have false reports and false reports with certain probability, and destructive detection may occur in the detection process, such as revealing the types of databases, database versions, user information, even passwords and other information. Meanwhile, data in the database may be modified or even deleted, so that the data in the database is damaged. Therefore, it is necessary to design an accurate and effective SQL injection detection method to detect the SQL injection vulnerability so as to prevent the SQL injection attack.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for detecting an SQL injection vulnerability, which can reduce or avoid the missing report or false report rate of SQL injection detection in the related technology, and improve the accuracy of SQL injection vulnerability detection. The technical scheme is as follows:
according to a first aspect of the embodiments of the present disclosure, a method for detecting an SQL injection vulnerability is provided, which is applied to a terminal, and the method includes:
determining an injection environment of an SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful;
sending the payload of the SQL statement to a server;
receiving feedback information sent by the server;
and when the feedback information contains the preset characters, determining that the server has a bug.
In an alternative embodiment, the system type includes at least one of: content management system CMS, automated office system OA; the determining the injection environment of the SQL structured query language statement comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system.
In an alternative embodiment, the database type includes at least one of: MySQL database, MSSQL database, Oracle database.
In an optional embodiment, generating the payload of the SQL statement according to the injection environment of the SQL statement comprises: determining a corresponding preset execution rule according to the injection environment; and generating the effective load of the SQL statement according to the preset execution rule.
The technical scheme of the SQL injection vulnerability detection disclosed by the embodiment detects different detection loads according to different structures of the injection environment, and improves the accuracy of the SQL injection vulnerability detection.
According to a second aspect of the embodiments of the present disclosure, a method for detecting an SQL injection vulnerability is provided, which is applied to a server, and the method includes:
receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
according to the effective load, executing a corresponding command indicated by the effective load;
sending feedback information of an execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
According to a third aspect of the embodiments of the present disclosure, an apparatus for detecting an SQL injection vulnerability is applied to a terminal, the apparatus includes: the device comprises a determining module, a generating module, a communication module and a judging module; wherein,
the determining module is used for determining an injection environment of the SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
the generating module is used for generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful;
the communication module is used for sending the effective load of the SQL statement to a server;
the communication module is also used for receiving feedback information sent by the server;
the judging module is used for determining that the server has a bug when the feedback information contains the preset character.
In an optional embodiment, the system type determined by the determination module comprises at least one of: content management system CMS, automated office system OA; the determining module is used for determining the injection environment of the SQL structured query language statement and comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system.
In an optional embodiment, the type of database determined by the determination module comprises at least one of: MySQL database, MSSQL database, Oracle database.
In an optional embodiment, the generating module is specifically configured to: determining a corresponding preset execution rule according to the injection environment; and generating the effective load of the SQL statement according to the preset execution rule.
According to a fourth aspect of the embodiments of the present disclosure, an apparatus for detecting an SQL injection vulnerability is applied to a server, the apparatus includes: the device comprises: the system comprises a communication module and an execution module; wherein,
the communication module is used for receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
the execution module is used for executing a corresponding command indicated by the effective load according to the effective load;
the communication module is also used for sending feedback information of the execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
Compared with the related technology, the method and the device for detecting the SQL injection vulnerability perform distinguishing judgment on different SQL injection types and different databases during the SQL injection vulnerability detection, and achieve the SQL injection vulnerability detection accuracy by compiling corresponding and accurate detection load Payload.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of a method for detecting an SQL injection vulnerability according to an embodiment of the present disclosure;
fig. 2 is a flowchart of a method for detecting an SQL injection vulnerability according to an embodiment of the present disclosure;
fig. 3 is a schematic logical layer structure diagram of an apparatus for detecting an SQL injection vulnerability according to an embodiment of the present disclosure.
Fig. 4 is a schematic logical layer structure diagram of an apparatus for detecting an SQL injection vulnerability according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims. The first and second appearing in the following exemplary embodiments are merely for convenience of description for distinguishing objects, and do not have any order or flow limitation.
The embodiment of the present disclosure provides a method for detecting an SQL injection vulnerability, which is applied to a terminal, and as shown in fig. 1, the detection method includes the following steps:
101. determining an injection environment of an SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
102. generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful;
103. sending the payload of the SQL statement to a server and receiving feedback information sent by the server;
104. and when the feedback information contains the preset characters, determining that the server has a bug.
The technical scheme of the SQL injection vulnerability detection disclosed by the embodiment detects different detection loads according to different structures of the injection environment, and improves the accuracy of the SQL injection vulnerability detection.
In an optional embodiment, before generating the payload, the method further includes calling a predetermined program language library, such as a Python library, determining a management system of the injection environment, and setting a URL (Uniform Resource Locator).
In an alternative embodiment, the system type includes at least one of: content management system CMS, automated office system OA; the determining the injection environment of the SQL structured query language statement comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system. For example, fingerprint identification is performed by a method of fingerprint scanning authentication fingerprint, and when the received fingerprint is successfully matched with the pre-stored fingerprint information, a corresponding system such as the content management system CMS or the automatic office system OA is identified.
In an alternative embodiment, the database type includes at least one of: MySQL database, MSSQL database, Oracle database.
Compared with the related technologies, the technical schemes disclosed by the two embodiments perform distinguishing judgment on different SQL injection types and different databases during SQL injection vulnerability detection, and achieve the accuracy of the SQL injection vulnerability detection by writing corresponding and accurate Payload. Meanwhile, the detection method reduces the difficulty and time of compiling the plug-in, thereby solving the problem that the traditional detection method cannot deal with the emergency in time.
In an optional embodiment, generating the payload of the SQL statement according to the injection environment of the SQL statement comprises: determining a corresponding preset execution rule according to the injection environment; and generating the effective load of the SQL statement according to the preset execution rule. The preset rule includes at least one of: preset coded data and coding mode, preset encrypted data and encryption mode, such as MD5 algorithm.
The embodiment of the present disclosure provides a method for detecting an SQL injection vulnerability, which is applied to a server, and as shown in fig. 2, the detection method includes the following steps:
201. receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
202. according to the effective load, executing a corresponding command indicated by the effective load;
203. sending feedback information of an execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
Based on the technical solutions disclosed in the embodiments respectively corresponding to fig. 1 and 2 and the above optional embodiments, in order to further fully disclose the inventive content of the present disclosure, the following embodiments further disclose the implementation process of the vulnerability detection method of the present invention.
Firstly, a terminal determines an operating system of an SQL (structured query language) statement. Firstly, importing a predetermined program language library, such as a python library, receiving target fingerprint information matched with original preset fingerprint information, and identifying a content management system CMS or an automatic office system OA system and other systems corresponding to the preset fingerprint information.
And secondly, the terminal constructs an initial detection load. And setting a target URL according to the injection environment of the SQL statement and generating a first detection load.
And thirdly, the terminal determines the database type of the SQL structured query language statement. And constructing the initial detection load of the second step according to SQL sentences of different databases such as MySQL, MSSQL, Oracle and the like to generate a second detection load.
And fourthly, the terminal encodes the second detection load according to corresponding preset encoding rules or encryption rules under different injection environments of the SQL statement to generate the effective detection load.
And fifthly, the terminal sends the effective load of the SQL statement to a server.
Sixthly, the server executes the payload indication according to the preset rule, analyzes and calculates the payload, and sends the feedback information of the analysis and calculation to the terminal
And step seven, the terminal receives the feedback information sent by the server.
And sixthly, the terminal determines that the server has a bug when the feedback information contains the preset character.
For a clearer introduction, in the following embodiments, the implementation process of vulnerability detection will be described in conjunction with the Payload generated by the SQL statements corresponding to different databases.
In the first example, when the injection environment is a MySQL database, the implementation process is briefly as follows:
generating a corresponding payload, namely a payload constructed according to the preset MD5 rule:
xajax=LiveMessage&xajaxargs[0][name]=1',(SELECT 1FROM(select
count(*),concat(floor(rand(0)*2),(select MD5(233)))a from
information_schema.tables group by a)b),”,”,”,'1','127.0.0.1','2')#
the server executes the corresponding command indicated by the payload, that is, the server analyzes the payload to obtain the feedback information, specifically, the server performs MD5 calculation on "233" to obtain the value.
Judging the SQL injection vulnerability of the server: and outputting a result calculation value e165421110ba03099a1c0393373c5b43, and determining that the server has a vulnerability when the feedback information contains the preset characters.
Example two, the injection environment is an MSSQL database, and the implementation process is briefly as follows:
generating a corresponding payload, namely a payload constructed according to the preset MD5 rule:
payload='Kingdee/disk/get_file.jspfile_id=11)and 1=2UNION SELECT 1,2,3,4,5,6,7,sys.fn_varbintohexstr(hashbytes('MD5','1234')),9,10--'
the server executes the corresponding command indicated by the payload, that is, the server analyzes the payload to obtain feedback information, specifically, the server performs MD5 calculation on "1234".
Judging the SQL injection vulnerability of the server: and outputting a result calculation value MD5(1234), and determining that the server has a vulnerability when the feedback information contains the preset characters.
Example two, the injection environment is an Oracle database, and the brief implementation process is as follows:
generating a corresponding payload, namely a payload constructed according to the preset MD5 rule: jspdell ═ 1& reportlist ═ 1UNION ALL SELECT NULL, NULL-rgsycgaon, NULL FROM-
Since Oracle is complex to implement for the input MD5 value, several random characters are output in succession to randomize the decision string. I.e. after encoding a string.
The converted Payload is:
feReport/chartList.jspdelId=1&reportId=1UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(98)||CHR(118)||CHR(117)||CHR(101)||CHR(103)||CHR(114)||CHR(115)||CHR(121)||CHR(99)||CHR(103)||CHR(97)||CHR(111)||CHR(110)||CHR(111)||CHR(100),NULL,NULL,NULL FROM DUAL—
and the server executes the corresponding command indicated by the converted effective load for analysis.
Judging the SQL injection vulnerability of the server: and outputting a result bvuegrsyscgaonod, and determining that the server has a bug when the feedback information contains the preset character. The SQL injection vulnerability detection technical solution disclosed in the foregoing embodiment determines that the error is reported and the echo injection uses encoded or encrypted data by encoding or encrypting Payload, and directly outputs an encoded or encrypted value, such as MD5, in the result. The information of the database or the content in the database cannot be returned to the page to be displayed, so that information leakage and database related data leakage are caused, data confidentiality in the injection detection process is realized, data tampering caused by malicious attack is prevented, and nondestructive detection is achieved.
Based on the method for detecting a file upload vulnerability described in the corresponding embodiment of fig. 1, the following is an embodiment of the apparatus of the present disclosure, and may be used to execute the embodiment of the method of the present disclosure. The embodiment provides a vulnerability detection apparatus, as shown in fig. 3, the apparatus includes: a 301 determining module, a 302 generating module, a 303 communication module and a 304 judging module; wherein,
the determining module is used for determining an injection environment of the SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
the generating module is used for generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful;
the communication module is used for sending the effective load of the SQL statement to a server;
the communication module is also used for receiving feedback information sent by the server;
the judging module is used for determining that the server has a bug when the feedback information contains the preset character.
In an optional embodiment, the system type determined by the determination module comprises at least one of: content management system CMS, automated office system OA; the determining module is used for determining the injection environment of the SQL structured query language statement and comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system.
In an optional embodiment, the type of database determined by the determination module comprises at least one of: MySQL database, MSSQL database, Oracle database.
In an optional embodiment, the generating module is specifically configured to: determining a corresponding preset execution rule according to the injection environment; and generating the effective load of the SQL statement according to the preset execution rule.
Based on the method for detecting a file upload vulnerability described in the corresponding embodiment of fig. 2, the following is an embodiment of the apparatus of the present disclosure, and may be used to execute the embodiment of the method of the present disclosure. The embodiment provides a vulnerability detection apparatus, as shown in fig. 4, the apparatus includes: : a 401 communication module and a 402 execution module; wherein,
the communication module is used for receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
the execution module is used for executing a corresponding command indicated by the effective load according to the effective load;
the communication module is also used for sending feedback information of the execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
Based on the methods for detecting SQL injection vulnerabilities described in the embodiments respectively corresponding to fig. 1 and 2 above, embodiments of the present disclosure further provide a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores computer instructions for executing the data transmission methods described in the embodiments respectively corresponding to fig. 1 and 2, and details thereof are not repeated here.
Compared with the related technology, the method and the device for detecting the SQL injection vulnerability perform distinguishing judgment on different SQL injection types and different databases during the SQL injection vulnerability detection, and achieve the SQL injection vulnerability detection accuracy by compiling the corresponding and accurate Payload for effective detection. Meanwhile, the technical scheme of SQL injection vulnerability detection disclosed in this embodiment determines that the error is reported and the coded or encrypted data is used for echo injection by coding or encrypting the Payload, so that the relevant data of the database is not revealed, data confidentiality during the injection detection process is realized, the data is prevented from being tampered by malicious attack, and therefore lossless detection is achieved. Meanwhile, the detection method reduces the difficulty and time of compiling the plug-in, thereby solving the problem that the traditional detection method cannot deal with the emergency in time.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A method for detecting SQL injection vulnerability is applied to a terminal, and is characterized in that the method comprises the following steps:
determining an injection environment of an SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful;
sending the payload of the SQL statement to a server and receiving feedback information sent by the server;
when the feedback information contains the preset characters, determining that the server has a bug;
the generating the payload of the SQL statement according to the injection environment of the SQL statement comprises:
generating a first detection load according to the type of the system to be injected by the SQL statement; according to the type of the database to be injected with the SQL statement, the first detection load is constructed to generate a second detection load; and coding the second detection load according to corresponding preset coding rules or encryption rules under different injection environments of the SQL statement to generate an effective detection load.
2. The method of claim 1, wherein the system type comprises at least one of: content management system CMS, automated office system OA; the determining the injection environment of the SQL structured query language statement comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system.
3. The method of claim 1, wherein the database type comprises at least one of: MySQL database, MSSQL database, Oracle database.
4. The method according to any of claims 1-3, wherein generating the payload of the SQL statement according to the injection environment of the SQL statement comprises:
determining a corresponding preset execution rule according to the injection environment;
and generating the effective load of the SQL statement according to the preset execution rule.
5. A method for detecting SQL injection vulnerability is applied to a server, and is characterized by comprising the following steps:
receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement; wherein the generating of the payload according to the determined injection environment of the SQL statement comprises: generating a first detection load according to the type of the system to be injected by the SQL statement; according to the type of the database to be injected with the SQL statement, the first detection load is constructed to generate a second detection load; coding a second detection load according to corresponding coding rules or encryption rules preset under different injection environments of the SQL statement to generate an effective detection load;
according to the effective load, executing a corresponding command indicated by the effective load;
sending feedback information of an execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
6. The utility model provides a detect device of SQL injection hole, is applied to the terminal station, its characterized in that, the device includes: the device comprises a determining module, a generating module, a communication module and a judging module; wherein,
the determining module is used for determining an injection environment of the SQL statement, wherein the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement;
the generating module is used for generating a payload of the SQL statement according to the injection environment of the SQL statement, wherein the payload is used for indicating to execute a corresponding command and returning a preset character after the execution is successful; the generating module is used for generating a first detection load according to the type of the system to be injected by the SQL statement; according to the type of the database to be injected with the SQL statement, the first detection load is constructed to generate a second detection load; coding a second detection load according to corresponding coding rules or encryption rules preset under different injection environments of the SQL statement to generate an effective detection load;
the communication module is used for sending the effective load of the SQL statement to a server;
the communication module is also used for receiving feedback information sent by the server;
the judging module is used for determining that the server has a bug when the feedback information contains the preset character.
7. The apparatus of claim 6, wherein the system type determined by the determining module comprises at least one of: content management system CMS, automated office system OA;
the determining module is used for determining the injection environment of the SQL structured query language statement and comprises the following steps: and receiving preset fingerprint verification identification and determining a corresponding operating system.
8. The apparatus of claim 6, wherein the database type determined by the determining module comprises at least one of:
MySQL database, MSSQL database, Oracle database.
9. The apparatus according to any one of claims 6 to 8, wherein the generating module is specifically configured to:
determining a corresponding preset execution rule according to the injection environment;
and generating the effective load of the SQL statement according to the preset execution rule.
10. The utility model provides a detect device of SQL injection vulnerability, is applied to server, its characterized in that, the device includes: the device comprises: the system comprises a communication module and an execution module; wherein,
the communication module is used for receiving the effective load of the SQL statement sent by the terminal; wherein the payload is generated according to the determined injection environment of the SQL statement; the injection environment of the SQL statement is used for indicating at least one of a system type and a database type to be injected by the SQL statement, wherein the generating of the payload according to the determined injection environment of the SQL statement comprises: generating a first detection load according to the type of the system to be injected by the SQL statement; according to the type of the database to be injected with the SQL statement, the first detection load is constructed to generate a second detection load; coding a second detection load according to corresponding coding rules or encryption rules preset under different injection environments of the SQL statement to generate an effective detection load;
the execution module is used for executing a corresponding command indicated by the effective load according to the effective load;
the communication module is also used for sending feedback information of the execution result to the terminal; and when the feedback information contains the preset characters, determining that the server has a vulnerability.
CN201810805791.3A 2018-07-20 2018-07-20 Method and device for detecting SQL injection vulnerability Active CN109067717B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810805791.3A CN109067717B (en) 2018-07-20 2018-07-20 Method and device for detecting SQL injection vulnerability

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810805791.3A CN109067717B (en) 2018-07-20 2018-07-20 Method and device for detecting SQL injection vulnerability

Publications (2)

Publication Number Publication Date
CN109067717A CN109067717A (en) 2018-12-21
CN109067717B true CN109067717B (en) 2021-06-11

Family

ID=64835018

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810805791.3A Active CN109067717B (en) 2018-07-20 2018-07-20 Method and device for detecting SQL injection vulnerability

Country Status (1)

Country Link
CN (1) CN109067717B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933041B (en) * 2019-11-06 2021-11-16 西安四叶草信息技术有限公司 Penetration testing method and related device
CN112039900B (en) * 2020-09-02 2022-08-26 平安科技(深圳)有限公司 Network security risk detection method, system, computer device and storage medium
CN113852638B (en) * 2021-09-28 2024-02-27 深信服科技股份有限公司 Attack detection method, device, equipment and storage medium
CN114640530B (en) * 2022-03-24 2023-12-29 深信服科技股份有限公司 Data leakage detection method and device, electronic equipment and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388763A (en) * 2007-09-12 2009-03-18 北京启明星辰信息技术有限公司 SQL injection attack detection system supporting multiple database types
CN103559444A (en) * 2013-11-05 2014-02-05 星云融创(北京)信息技术有限公司 Sql (Structured query language) injection detection method and device
CN105160252A (en) * 2015-08-10 2015-12-16 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting structured query language injection attack
CN107169023A (en) * 2017-04-07 2017-09-15 广东精点数据科技股份有限公司 Data lineage analysis system and method based on sql semantic automatic analysis
CN107203718A (en) * 2017-06-15 2017-09-26 深信服科技股份有限公司 A kind of detection method and system of sql command injection

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141647B (en) * 2014-06-04 2018-09-21 中国银联股份有限公司 A kind of method and system of detection Web applications
US10108667B2 (en) * 2016-03-07 2018-10-23 International Business Machines Corporation Query plan optimization for large payload columns

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388763A (en) * 2007-09-12 2009-03-18 北京启明星辰信息技术有限公司 SQL injection attack detection system supporting multiple database types
CN103559444A (en) * 2013-11-05 2014-02-05 星云融创(北京)信息技术有限公司 Sql (Structured query language) injection detection method and device
CN105160252A (en) * 2015-08-10 2015-12-16 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting structured query language injection attack
CN107169023A (en) * 2017-04-07 2017-09-15 广东精点数据科技股份有限公司 Data lineage analysis system and method based on sql semantic automatic analysis
CN107203718A (en) * 2017-06-15 2017-09-26 深信服科技股份有限公司 A kind of detection method and system of sql command injection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
新型二阶SQL注入技术研究;乐德广等;《通信学报》;20151130;85-92页 *

Also Published As

Publication number Publication date
CN109067717A (en) 2018-12-21

Similar Documents

Publication Publication Date Title
CN109067717B (en) Method and device for detecting SQL injection vulnerability
Wei et al. Preventing SQL injection attacks in stored procedures
CN109376078B (en) Mobile application testing method, terminal equipment and medium
CN110225029B (en) Injection attack detection method, device, server and storage medium
CN103996007A (en) Testing method and system for Android application permission leakage vulnerabilities
CN104123497A (en) SQL injection prevention method, device and system
CN102664876A (en) Method and system for detecting network security
CN102244659A (en) Execution method and apparatus of security policy script and security policy system
US20120131668A1 (en) Policy-Driven Detection And Verification Of Methods Such As Sanitizers And Validators
CN105488400A (en) Comprehensive detection method and system of malicious webpage
CN112464212A (en) Data authority control reconstruction method based on mature complex service system
CN113190838A (en) Web attack behavior detection method and system based on expression
CN110879889A (en) Method and system for detecting malicious software of Windows platform
CN113190839A (en) Web attack protection method and system based on SQL injection
CN111131303A (en) Request data verification system and method
CN111143808B (en) System security authentication method and device, computing equipment and storage medium
US20200265135A1 (en) Protecting a software program against tampering
Alsahafi SQL injection attacks: Detection and prevention techniques
CN118036009A (en) Method and device for processing security vulnerabilities and electronic equipment
US9122878B1 (en) Software license management with drifting component
Agarwal et al. A Survey of SQL injection attacks
Sheykhkanloo A pattern recognition neural network model for detection and classification of SQL injection attacks
Asha et al. Preventing sql injection attacks
CN115225341B (en) Website access method and device
CN115758374B (en) Account enumeration vulnerability detection method, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant