CN109657472B - SQL injection vulnerability detection method, device, equipment and readable storage medium - Google Patents

SQL injection vulnerability detection method, device, equipment and readable storage medium Download PDF

Info

Publication number
CN109657472B
CN109657472B CN201811188829.3A CN201811188829A CN109657472B CN 109657472 B CN109657472 B CN 109657472B CN 201811188829 A CN201811188829 A CN 201811188829A CN 109657472 B CN109657472 B CN 109657472B
Authority
CN
China
Prior art keywords
request
response page
url
sequence
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811188829.3A
Other languages
Chinese (zh)
Other versions
CN109657472A (en
Inventor
何双宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201811188829.3A priority Critical patent/CN109657472B/en
Priority to PCT/CN2018/122811 priority patent/WO2020073493A1/en
Publication of CN109657472A publication Critical patent/CN109657472A/en
Application granted granted Critical
Publication of CN109657472B publication Critical patent/CN109657472B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a SQL injection vulnerability detection method, a device, equipment and a readable storage medium, wherein the method comprises the following steps: after a Uniform Resource Locator (URL) request of a website to be tested is obtained, determining a detection point of the URL request, and constructing a sequence request of the detection point corresponding to a Boolean logic parameter; obtaining response pages obtained after the URL request and the sequence request are executed, and carrying out similarity analysis on the response pages to obtain similarity values between response pages corresponding to the URL request and response pages corresponding to each request in the sequence request; and if the similarity value meets a preset condition, determining that the URL request has SQL injection loopholes. According to the method and the device for detecting the SQL injection holes, whether the SQL injection holes exist in the URL request is judged according to the similarity between the response pages, so that the accuracy of detecting the SQL injection holes is improved.

Description

SQL injection vulnerability detection method, device, equipment and readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a readable storage medium for detecting an SQL injection vulnerability.
Background
The current detection method for SQL (Structured Query Language ) injection holes is based on Boolean judgment. In the aspect of detecting sequence requests, the conventional SQL injection vulnerability detection method based on Boolean judgment generally comprises the steps of requesting an original URL once, constructing a logical true SQL statement parameter value once again, and requesting a logical false SQL statement parameter value once for 3 times. When comparing and judging web site response pages of multiple requests, it is generally determined whether SQL injection holes exist according to the message Length (Content-Length) of web site response. However, due to network fluctuation, instability factors such as server load state change and the like, and the occurrence of dynamic web pages in the web2.0 era, the accuracy of detecting whether SQL injection holes exist in URL requests through Boolean judgment is low.
Disclosure of Invention
The invention mainly aims to provide a method, a device and equipment for detecting SQL injection holes and a readable storage medium, and aims to solve the technical problem that the existing method for detecting SQL injection holes is low in accuracy.
In order to achieve the above object, the present invention provides a method for detecting an SQL injection vulnerability, the method for detecting an SQL injection vulnerability comprising the steps of:
After a Uniform Resource Locator (URL) request of a website to be tested is obtained, determining a detection point of the URL request, and constructing a sequence request of the detection point corresponding to a Boolean logic parameter;
obtaining response pages obtained after the URL request and the sequence request are executed, and carrying out similarity analysis on the response pages to obtain similarity values between response pages corresponding to the URL request and response pages corresponding to each request in the sequence request;
and if the similarity value meets a preset condition, determining that the URL request has SQL injection loopholes.
Preferably, the step of constructing a sequence request of the detection point corresponding to the boolean logic parameter includes:
constructing a request of logical true condition for each detection point in the URL request, and marking the request as a first true request;
constructing a request of logic false condition for each detection point in the URL request, which is marked as a first false request, so as to form a sequence request comprising the first true request and the first false request.
Preferably, the step of constructing a request of logical dummy condition for each detection point in the URL request, denoted as a first dummy request, to form a sequence request including the first true request and the first dummy request includes:
Constructing a request of logic false condition for each detection point in the URL request, marking the request as a first false request, constructing a confirmation request of logic true condition for the first true request, marking the request as a second true request;
constructing a validation request of a logical false condition for the first false request, denoted as a second false request, to form a sequence request comprising the first true request, the first false request, the second true request, and the second false request.
Preferably, the step of determining that the URL request has an SQL injection vulnerability if the similarity value satisfies a preset condition includes:
if the first Jacquard coefficient between the first response page corresponding to the URL request and the second response page corresponding to the first real request is determined to be larger than a first threshold value, judging whether the second Jacquard coefficient between the first response page and the third response page corresponding to the first real request is smaller than a second threshold value or not;
and if the second Jaccard coefficient is smaller than the second threshold value, determining that the URL request has SQL injection loopholes.
Preferably, the step of determining that the URL request has an SQL injection vulnerability if the similarity value satisfies a preset condition includes:
If the first Jacquard coefficient between the first response page corresponding to the URL request and the second response page corresponding to the first real request is determined to be larger than a first threshold value, judging whether the second Jacquard coefficient between the first response page and the third response page corresponding to the first real request is smaller than a second threshold value or not;
if the second Jacquard coefficient is smaller than the second threshold value, determining a third Jacquard coefficient between the first response page and a fourth response page corresponding to the second real request, and calculating a first difference value between the third Jacquard coefficient and the first Jacquard coefficient;
if the first difference value is smaller than a third threshold value, determining a fourth Jacquard coefficient between the first response page and a fifth response page corresponding to the second fake request, and calculating a second difference value between the fourth Jacquard coefficient and the second Jacquard coefficient;
and if the second difference value is smaller than a fourth threshold value, determining that SQL injection holes exist in the URL request.
Preferably, the step of obtaining a response page obtained after the URL request and the sequence request are executed, and performing similarity analysis on the response page to obtain a similarity value between the response page corresponding to the URL request and the response page corresponding to each request in the sequence request includes:
Acquiring response pages obtained by executing the URL request and the sequence request correspondingly, and calculating a Jaccard coefficient between a first response page corresponding to the URL request and each sequence response page corresponding to the sequence request;
and correspondingly taking the Jaccard coefficient as a similarity value between the first response page and each sequence response page.
Preferably, the step of obtaining the response page obtained after the execution of the sequence request, and calculating a jaccard coefficient between the first response page corresponding to the URL request and each sequence response page corresponding to the sequence request includes:
acquiring response pages corresponding to the URL request and the sequence request, and dividing texts corresponding to the first response page and the sequence response page into character segments according to preset line-wrapping symbols;
dividing the character segment into character strings according to preset separators, and correspondingly obtaining elements corresponding to the first response page and the sequence response page;
and calculating an intersection and a union of elements between the first response page and each sequence response page, and dividing the intersection by the corresponding union to obtain a corresponding Jacquard coefficient.
In addition, in order to achieve the above object, the present invention further provides an SQL injection vulnerability detection device, where the SQL injection vulnerability detection device includes:
the determining module is used for determining a detection point of the URL request after acquiring the URL request of the uniform resource locator of the website to be tested;
the construction module is used for constructing a sequence request of the detection point corresponding to the Boolean logic parameter;
the acquisition module is used for acquiring a response page obtained after the URL request and the sequence request are executed;
the analysis module is used for carrying out similarity analysis on the response pages to obtain similarity values between the response pages corresponding to the URL requests and the response pages corresponding to each request in the sequence requests;
and the determining module is further configured to determine that the URL request has an SQL injection vulnerability if the similarity value satisfies a preset condition.
In addition, in order to achieve the above object, the present invention also provides an SQL injection vulnerability detection device, where the SQL injection vulnerability detection device includes a memory, a processor, and an SQL injection vulnerability detection program stored on the memory and capable of running on the processor, where the SQL injection vulnerability detection program when executed by the processor implements the steps of the SQL injection vulnerability detection method as described above.
In addition, in order to achieve the above object, the present invention further provides a computer readable storage medium, on which an SQL injection vulnerability detection program is stored, the SQL injection vulnerability detection program implementing the steps of the SQL injection vulnerability detection method described above when executed by a processor.
The invention constructs a sequence request of the corresponding Boolean logic parameter of the URL request detection point, executes the URL request and the URL request corresponding to the sequence request, acquires a response page obtained after the URL request and the sequence request are executed, carries out similarity analysis on the response page, and obtains a similarity value between the response page corresponding to the URL request and the response page corresponding to each request in the sequence request; if the similarity value meets the preset condition, determining that the SQL injection vulnerability exists in the URL request, and judging whether the SQL injection vulnerability exists in the URL request according to the similarity between the response pages, so that the accuracy of detecting the SQL injection vulnerability is improved.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of the SQL injection vulnerability detection method of the present invention;
FIG. 2 is a block diagram of a SQL injection vulnerability detection device according to the preferred embodiment of the invention;
FIG. 3 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a flow chart of a preferred embodiment of the SQL injection vulnerability detection method of the present invention.
Embodiments of the present invention provide embodiments of SQL injection vulnerability detection methods, it being noted that although a logical order is shown in the flow chart, in some cases the steps shown or described may be performed in a different order than that shown or described herein.
The SQL injection vulnerability detection method is applied to a server or a terminal, and the terminal can comprise a mobile terminal such as a mobile phone, a tablet computer, a notebook computer, a palm computer, a personal digital assistant (Personal Digital Assistant, PDA) and a fixed terminal such as a digital TV, a desktop computer and the like. In various embodiments of the SQL injection vulnerability detection method, the execution body is omitted for ease of description to illustrate the various embodiments. The SQL injection vulnerability detection method comprises the following steps:
Step S10, after obtaining a URL request of a website to be tested, determining a detection point of the URL request, and constructing a sequence request of the detection point corresponding to a Boolean logic parameter.
After the URL request of the website to be tested is obtained, a detection point in the URL request is determined, and a sequence request of the Boolean logic parameter corresponding to the detection point is constructed. Wherein one URL request corresponds to at least one detection point. The URL detection point is where all users of the HTTP (Hyper Text Transfer Protocol ) protocol Request initiated to the web site can construct an input when a Request is initiated to the web site by accessing one URL. Such as GET parameters, form parameters of POST, JSON (JavaScript Object Notation ) format data values of POST, header fields of Request, etc. If a certain URL request is: http:// www.test.com/testparam_a=1, then GET parameter param_a is a detection point. The URL request is an initial request entered into a website by means of a web crawler or web traffic.
The sequence request of the structured boolean logic parameter includes at least one logical true URL request and one logical false URL request. If there are multiple detection points in the URL request, a sequence request of corresponding boolean logic parameters needs to be constructed for each detection point. As for the URL request described above, a request for constructing a logically true parameter value at the parameter value of the URL detection point param_a, i.e. a URL request for constructing a logically true condition, e.g. a URL request for a logically true condition may be expressed as http:// www.test.com/testparam_a=1 and 1=1, where "and 1=1" is the structured boolean logically true SQL (Structured Query Language ) statement; a request for constructing a logically false parameter value at the parameter value of URL detection point param_a, i.e. a URL request for constructing a logically false condition, e.g. a URL request for a logically false condition may be expressed as http:// www.test.com/testparam_a=1and 1=2, where "and 1=2" is a structured boolean logically false SQL statement.
Step S20, obtaining response pages obtained after the URL request and the sequence request are executed, and carrying out similarity analysis on the response pages to obtain similarity values between the response pages corresponding to the URL request and the response pages corresponding to each request in the sequence request.
After constructing a sequence request of a detection point pair Ying Buer logic parameter of a URL request, executing the URL request in a website to be tested, executing each URL request corresponding to the sequence request in the website to be tested to obtain a corresponding response page, and carrying out similarity analysis on the obtained response page to obtain a similarity value between the response page corresponding to the URL request and each request corresponding response page in the sequence request. It should be noted that, each request corresponds to one response page, so at least three response pages obtained in the embodiment of the present invention are respectively a response page corresponding to a URL request, a response page corresponding to a URL request under a logical true condition, and a response page corresponding to a URL request under a logical false condition. Among them, algorithms employed for similarity analysis include, but are not limited to, cosine distance, euclidean distance, and jaccard coefficient.
Further, step S20 includes:
Step a, response pages obtained by executing the URL request and the sequence request are obtained, and a Jacquard coefficient between a first response page corresponding to the URL request and each sequence response page corresponding to the sequence request is calculated.
Specifically, a response page obtained after execution of the URL request is obtained and noted as a first response page, and a response page obtained after execution of each request in the sequence request is obtained and noted as a sequence response page, and a jaccard coefficient between the first response page and each sequence response page is calculated. Jaccard (Jaccard) coefficients are defined as the ratio of the intersection between set A and set B to the union between set A and set B, as follows:
when the set a and the set B are both empty sets, the jaccard coefficient J (a, B) is defined as 1, that is, the value of J (a, B) is 1, the closer the value of J (a, B) e [0,1] is to 1, the more similar the response page corresponding to the set a and the response page corresponding to the set B are, and when J (a, B) =1, the same response page corresponding to the set a and the response page corresponding to the set B are indicated.
Further, step a comprises:
step a1, obtaining response pages corresponding to the URL request and the sequence request, and dividing texts corresponding to the first response page and the sequence response page into character segments according to a preset line feed character.
Specifically, a first response page obtained after the URL request is executed is obtained, a sequence response page obtained after each request in the sequence request is executed is obtained, texts in the first response page and the sequence response page are obtained, and texts corresponding to the first response page and the sequence response page are divided into character segments according to line-wrapping characters in the texts. In the process of generating the response page, the corresponding line-feed character is automatically generated in the text corresponding to the response page. When the first response page and the sequence response page are of different types, the corresponding line feed symbols are also different. For example, the corresponding line-feed of an HTML (Hyper Text Markup Language ) document is < br >, which can be inserted with a simple line-feed, the < br > tag is an empty tag (meaning that it has no end tag, and thus is erroneous: < br > </br >). In XHTML (eXtensible Hyper Text Markup Language ), an end tag is placed in a start tag, i.e. < br/>. A line feed of a word document is a line feed symbol that acts as a line feed display, but is not a true paragraph marker, its line feed is not a true restart of a paragraph, so that text split by the line feed is still in a paragraph, and all paragraph-based operations in the word document do not identify the line feed as the end of a paragraph.
Further, in order to improve the efficiency of obtaining the corresponding elements of the first response page and the sequence response page, after the first response page and the sequence response page are obtained, whether the first response page and the sequence response page are HTML documents is judged. When a certain response page is determined to be an HTML document, DOM analysis (Document Object Model ) is carried out on the HTML document so as to generate a DOM tree corresponding to the response page, text is extracted from DOM nodes of the DOM tree so as to obtain text corresponding to the response page, and then the text is segmented into character segments according to line-wrapping characters. And after determining that a certain response page is not an HTML document, dividing the corresponding text of the response page which is not the HTML document into a plurality of character segments directly according to the corresponding preset line-wrapping character.
Specifically, the process of detecting whether the response page is an HTML document is: detecting whether an HTML tag is carried in a response page, wherein the HTML DOM defines a standard method for accessing and operating an HTML document; the DOM expresses an HTML document as a tree structure. The HTML tag is stored in advance according to the HTML document in the tree structure expression form. If the response page is detected to carry the HTML tag, determining that the response page is an HTML document; if the response page is detected not to carry the HTML tag, determining that the response page is not an HTML document.
And a2, dividing the character segment into character strings according to preset separators, and correspondingly obtaining elements corresponding to the first response page and the sequence response page.
After the character segments corresponding to the first response page and the sequence response page are obtained, the character segments are segmented into corresponding character strings according to preset separators, and elements in a corresponding set of the first response page and elements in a corresponding set of the sequence response page are correspondingly obtained. Wherein the separator includes, but is not limited to, a space in a character segment, a comma, a semicolon, a period, a sigh, and a question mark. It can be understood that the character string corresponding to the first response page is an element in the first response page corresponding set, the character string corresponding to the sequence response page is an element in the sequence response page corresponding set, and one character string is the first element in the first response page and the sequence response page.
And a3, calculating an intersection and a union of elements between the first response page and each sequence response page, and dividing the intersection by the corresponding union to obtain a corresponding Jacquard coefficient.
After obtaining the elements of the corresponding sets of the first response page and the sequence response page, calculating the intersection and the union of the elements of the first response page and each sequence response page, and dividing the calculated intersection by the corresponding union to obtain the corresponding Jacquard coefficient. As can be seen from the above definition of the jaccard coefficient, a may represent a set of elements corresponding to the first response page, and B may represent a set of elements corresponding to one of the sequence response pages.
And b, correspondingly taking the Jacquard coefficient as a similarity value between the first response page and each sequence response page.
And after the Jacquard coefficients between the first response page and each sequence response page are calculated, the Jacquard coefficients are correspondingly used as similarity values between the first response page and each sequence response page. It will be appreciated that the closer the value of the jaccard coefficient is to 1, the more similar the first response page is to the corresponding sequence response page; when the value of the jaccard coefficient approaches 0, the first response page is indicated to be more dissimilar from the corresponding sequence response page.
And step S30, if the similarity value meets a preset condition, determining that the URL request has SQL injection loopholes.
In the embodiment of the invention, the number of the corresponding URL requests of the sequence requests is different, and the corresponding preset conditions are also different, namely the number of the sequence response pages is different, and the corresponding preset conditions are different. And when the similarity value is determined to meet the preset condition, determining that the SQL injection loophole exists in the URL request, namely determining that the SQL injection loophole exists in the website to be tested. The SQL injection vulnerability is caused by the problem of input verification of the WEB application program, so that an attacker can inject the maliciously constructed SQL statement into the back-end database through the input point of the WEB application for execution, and the aim of forming malicious attack on the database is fulfilled. The WEB is named as World Wide WEB, namely a global Wide area network, also called as the World Wide WEB, and is commonly called as a website; it is a global, dynamic interactive, cross-platform distributed graphical information system based on hypertext and HTTP.
According to the embodiment, through constructing a sequence request of a URL request detection point corresponding to a Boolean logic parameter, executing the URL request and the URL request corresponding to the sequence request, acquiring a response page obtained after executing the URL request and the sequence request, and carrying out similarity analysis on the response page to obtain a similarity value between the response page corresponding to the URL request and each request corresponding response page in the sequence request; if the similarity value meets the preset condition, determining that the SQL injection vulnerability exists in the URL request, and judging whether the SQL injection vulnerability exists in the URL request according to the similarity between the response pages, so that the accuracy of detecting the SQL injection vulnerability is improved.
Further, a second embodiment of the SQL injection vulnerability detection method of the invention is provided.
The second embodiment of the method for detecting the SQL injection vulnerability is different from the first embodiment of the method for detecting the SQL injection vulnerability in that the method for detecting the SQL injection vulnerability further comprises:
and c, constructing a request of logical true condition for each detection point in the URL request, and marking the request as a first true request.
In the process of constructing a sequence request of the corresponding Boolean logic parameters of the URL request detection points, constructing a URL request of a logic true condition for each detection point in the URL request, and marking the URL request as a first true request.
And d, constructing a request of logic false condition for each detection point in the URL request, and marking the request as a first false request to form a sequence request comprising the first true request and the first false request.
A logical dummy URL request is constructed for each detection point in the URL request, and the URL request is marked as a first dummy request. Wherein the first true request and the first false request constitute a sequence request corresponding to the URL request detection point.
Step S30 includes:
and e, if the first Jacquard coefficient between the first response page corresponding to the URL request and the second response page corresponding to the first real request is determined to be larger than a first threshold value, judging whether the second Jacquard coefficient between the first response page and the third response page corresponding to the first fake request is smaller than a second threshold value or not.
And after the first true request and the first false request are obtained, executing the URL request, the first true request and the first false request in the website to be tested, obtaining a first response page obtained after the URL request is executed, a second response page obtained after the first true request is executed, and a third response page obtained after the first false request is executed, calculating a Jacquard coefficient between the first response page and the second response page, and marking the Jacquard coefficient between the first response page and the third response page as a first Jacquard coefficient, and calculating a Jacquard coefficient between the first response page and the third response page as a second Jacquard coefficient.
It can be understood that the first jaccard coefficient and the second jaccard coefficient are similarity values between corresponding response pages. And judging whether the first Jacquard coefficient and the second Jacquard coefficient meet the preset condition or not after the first Jacquard coefficient and the second Jacquard coefficient are obtained. Specifically, it is determined whether the first jaccard coefficient is greater than a first threshold. If the first Jacquard coefficient is determined to be greater than the first threshold, judging whether the second Jacquard coefficient is smaller than the second threshold. If the first Jaccard coefficient is determined to be smaller than or equal to a first threshold value, the fact that the SQL injection loophole does not exist at the detection point corresponding to the URL request is indicated, at the moment, whether the detection point which is not detected yet exists is judged, if the detection point which is not detected yet exists, the same method for detecting whether the SQL injection loophole exists at the detection point is adopted, the detection point which is not detected yet in the URL request is continuously detected until the SQL injection loophole does not exist at all the detection points of the URL request, and the SQL injection loophole is determined to not exist in the URL request.
The first threshold and the second threshold can be set according to specific needs, and the first threshold and the second threshold can be equal or unequal. For example, the first threshold and the second threshold may both be set to 0.99, or the first threshold may be set to 0.99, the second threshold may be set to 0.98, etc.
It should be noted that, the response page may be dynamically changed, and the reason for the change may be caused by a change in the current time, the current weather state, etc. of the website to be tested; or due to network fluctuations that result in partial content in the response page not yet loaded. But normally the content of the response page changes is small, so the similarity between the first response page and the second response page will be high.
And f, if the second Jaccard coefficient is smaller than the second threshold value, determining that the URL request has SQL injection holes.
If the second Jaccard coefficient is smaller than the second threshold value, determining that the SQL injection vulnerability exists at the detection point corresponding to the URL request, namely the SQL injection vulnerability exists at the URL request; and if the second Jaccard coefficient is greater than or equal to a second threshold value, determining that no SQL injection vulnerability exists in the corresponding detection point in the URL request.
It should be noted that, by performing similarity analysis on the first response page and the second response page, whether the current test environment is stable is determined, where the test environment includes a network environment, a server environment, and the like. It will be appreciated that the URL request corresponding to the second response page is a true request, and if the test environment is stable, the similarity between the first response page and the second response page should be close to 1 or equal to 1, and therefore, the first threshold should be set to a value close to 1 or equal to 1. And judging whether SQL injection holes possibly exist in corresponding detection points in the URL request due to the execution of SQL sentences or not by carrying out similarity analysis on the first response page and the third response page. It will be appreciated that if structured boolean logic false SQL statements are executed in the background of the web server to be tested, the response pages between the URL request and the first false request should be different, even completely different, and therefore the second threshold should be set to a value approaching 1, or equal to 1.
According to the method, a real request and a fake request are constructed, then the relation between a first Jacquard coefficient and a first threshold value between a response page corresponding to the URL request and a response page corresponding to the first real request is analyzed, and the relation between a second Jacquard coefficient and a second threshold value between the response page corresponding to the URL request and a response page corresponding to the first fake request is analyzed, and when the first Jacquard coefficient is larger than the first threshold value and the second Jacquard coefficient is smaller than the second threshold value, it is determined that SQL injection holes exist in the URL request, and the accuracy of detecting SQL injection holes is improved.
Further, a third embodiment of the SQL injection vulnerability detection method of the invention is provided.
The third embodiment of the method for detecting the SQL injection vulnerability is different from the first or second embodiment of the method for detecting the SQL injection vulnerability in that the step d comprises:
step d1, constructing a request of logic false condition for each detection point in the URL request, which is marked as a first false request, and constructing a confirmation request of logic true condition for the first true request, which is marked as a second true request.
A logical dummy URL request is constructed for each detection point in the URL request, and is marked as a first dummy request, and a logical true URL validation request is constructed for the first true request, and is marked as a second true request.
And d2, constructing a confirmation request of a logic false condition for the first false request, and recording the confirmation request as a second false request to form a sequence request comprising the first true request, the first false request, the second true request and the second false request.
After the first dummy request is constructed, a URL confirmation request of a logic dummy condition is constructed for the first dummy request, the URL confirmation request is marked as a second dummy request, and the first real request, the first dummy request, the second real request and the second dummy request are combined into a sequence request. In this embodiment, the order of constructing the first real request, the first fake request, the second real request, and the second fake request is not limited. With reference to the URL request described in the first embodiment, the corresponding first true request may be http:// www.test.com/testparam_a=1and 1=1, where "and 1=1" is the structured boolean logically true SQL statement; the first spurious request may be http:// www.test.com/testparam_a=1and 1=2, where "and 1=2" is the structured boolean logically true SQL statement; the second true request may be http:// www.test.com/testparam_a=1 and 3×3=9, where "and 3*3 =9" is the structured boolean logically true SQL statement, which is different from the first structured logically true "and 1=1"; the second dummy request may be http:// www.test.com/testparam_a=1 and 3×3=8, where "and 3*3 =8" is the structured boolean logic dummy SQL statement, which is different from the first structured logic dummy "and 1=2". From this, the boolean logic SQL statements corresponding to the first and second true requests are different, and the boolean logic SQL statements corresponding to the first and second false requests are also different.
Step S30 further includes:
and g, if the first Jacquard coefficient between the first response page corresponding to the URL request and the second response page corresponding to the first real request is determined to be larger than a first threshold value, judging whether the second Jacquard coefficient between the first response page and the third response page corresponding to the first fake request is smaller than a second threshold value.
When a first true request, a second true request, a first false request and a second false request are constructed, URL requests, first true requests, first false requests, second true requests and second false requests are executed in a website to be tested, a first response page obtained after the URL requests are executed, a second response page obtained after the first true requests are executed, a third response page obtained after the first false requests are executed, a fourth response page obtained after the second true requests are executed, and a fifth response page obtained after the second false requests are executed, and the Jacquard coefficients between the first response page and the second response page are calculated and recorded as first Jacquard coefficients, and the Jacquard coefficients between the first response page and the third response page are calculated and recorded as second Jacquard coefficients. If the first Jacquard coefficient is determined to be greater than the first threshold, judging whether the second Jacquard coefficient is smaller than the second threshold.
And h, if the second Jacquard coefficient is smaller than the second threshold value, determining a third Jacquard coefficient between the first response page and a fourth response page corresponding to the second real request, and calculating a first difference value between the third Jacquard coefficient and the first Jacquard coefficient.
If the second Jacquard coefficient is determined to be smaller than the second threshold value, calculating a third Jacquard coefficient between the first response page and the fourth response page, calculating a difference between the third Jacquard coefficient and the first Jacquard coefficient, marking the difference as a first difference, and judging whether the first difference is smaller than the third threshold value. Wherein the third threshold may be set according to specific needs, for example, may be set to 0.01. It should be noted that, for comparison, the first difference is an absolute value of a difference between the third jekcal coefficient and the first jekcal coefficient.
And i, if the first difference value is smaller than a third threshold value, determining a fourth Jacquard coefficient between the first response page and a fifth response page corresponding to the second fake request, and calculating a second difference value between the fourth Jacquard coefficient and the second Jacquard coefficient.
If the first difference value is smaller than the third threshold value, calculating a fourth Jacquard coefficient between the first response page and a fifth response page corresponding to the second fake request, subtracting the second Jacquard coefficient from the fourth Jacquard coefficient, and calculating a difference value between the fourth Jacquard coefficient and the second Jacquard coefficient to be recorded as a second difference value. It should be noted that, for convenience of comparison, the second difference is an absolute value of a difference between the fourth jekcal coefficient and the second jekcal coefficient.
After the second difference is calculated, it is determined whether the second difference is less than a fourth threshold. The fourth threshold may be equal to the third threshold or not equal to the third threshold. Further, if the first difference is greater than or equal to the third threshold, it is determined that no SQL injection hole exists at the corresponding detection point in the URL request.
And j, if the second difference value is smaller than a fourth threshold value, determining that the URL request has SQL injection loopholes.
If the second difference value is smaller than the fourth threshold value, determining that SQL injection holes exist in corresponding detection points in the URL request, namely SQL injection holes exist in the website to be tested. Further, if the second difference is greater than or equal to the fourth threshold, it is determined that no SQL injection vulnerability exists at the corresponding detection point in the URL request.
It should be noted that, the process of calculating the jaccard coefficient is described in detail in the first embodiment, and will not be described in detail in this embodiment. And confirming the stability of the current test environment by carrying out similarity analysis on the first response page and the fourth response page, and secondarily confirming the SQL injection execution result of the logical true condition. And determining whether SQL injection holes exist in the corresponding detection points in the URL request due to the execution of SQL sentences again by performing similarity analysis on the first response page and the fifth response page.
To prove the stability of the test environment of SQL injection vulnerability detection, the validity of the logically true detection of the last (first true request) construct is guaranteed, so a logically true secondary validation request is initiated. If the test environment of the SQL injection vulnerability detection is stable and the SQL injection vulnerability exists, the third Jack coefficient is certainly very close to or equal to the first Jack coefficient; the absolute value of the difference between the third jekcal coefficient and the first jekcal coefficient would be a value close to 0 or even equal to 0, whereby it is known that the third threshold should be set to a value equal to 0 or approaching 0.
To prove the stability of the test environment of SQL injection vulnerability detection, the validity of the detection of the logic false constructed last time (first false request) is guaranteed, so a second validation request of the logic false is initiated. If the test environment of the SQL injection vulnerability detection at this time (the second fake request) is stable and the SQL injection vulnerability exists indeed, the fourth Jiede card coefficient and the second Jiede card coefficient are certainly very close or equal; the absolute value of the difference between the fourth jedec coefficient and the second jedec coefficient will certainly be a value close to 0, even equal to 0, and therefore the fourth threshold should be set to a value equal to 0, or approaching 0.
According to the method, the device and the system, the two true requests and the two false requests are constructed, the first true request is confirmed through the second true request, the validity of logical true detection corresponding to the first true request is guaranteed, the first false request is confirmed through the second false request, the validity of logical false detection corresponding to the first false request is guaranteed, the accuracy of detecting SQL injection holes is further improved, and the false report rate of SQL injection hole detection are reduced. In the WEB security vulnerability detection, if a URL request originally has a vulnerability, the leak is not detected, which is called a leak. False positives are false positives that are detected as existing vulnerabilities in the WEB security vulnerability detection if a URL request does not have a vulnerability in nature.
In addition, referring to fig. 2, the present invention further provides an SQL injection vulnerability detection device, where the SQL injection vulnerability detection device includes:
the determining module 10 is configured to determine a detection point of a URL request after acquiring the URL request of a website to be tested;
a construction module 20, configured to construct a sequence request of the detection point corresponding to the boolean logic parameter;
an obtaining module 30, configured to obtain a response page obtained after the URL request and the sequence request are executed;
The analysis module 40 is configured to perform similarity analysis on the response pages to obtain a similarity value between the response page corresponding to the URL request and the response page corresponding to each request in the sequence request;
the determining module 10 is further configured to determine that the URL request has an SQL injection vulnerability if the similarity value satisfies a preset condition.
Further, the constructing module 20 is further configured to construct a request of a logical true condition for each detection point in the URL request, which is denoted as a first true request; constructing a request of logic false condition for each detection point in the URL request, which is marked as a first false request, so as to form a sequence request comprising the first true request and the first false request.
Further, the construction module 20 is further configured to construct a request of a logical false condition for each detection point in the URL request, which is denoted as a first false request, and construct a confirmation request of a logical true condition for the first true request, which is denoted as a second true request; constructing a validation request of a logical false condition for the first false request, denoted as a second false request, to form a sequence request comprising the first true request, the first false request, the second true request, and the second false request.
Further, the determining module 10 further includes:
a first judging unit, configured to judge whether a first jaccard coefficient between a first response page corresponding to the URL request and a second response page corresponding to the first real request is smaller than a second threshold value if it is determined that the first jaccard coefficient between the first response page and a third response page corresponding to the first real request is larger than the first threshold value;
and the first determining unit is used for determining that the URL request has SQL injection holes if the second Jaccard coefficient is smaller than the second threshold value.
Further, the determining module 10 further includes:
a second judging unit, configured to judge whether a second jaccard coefficient between a first response page corresponding to the URL request and a third response page corresponding to the first dummy request is smaller than a second threshold value if it is determined that the first jaccard coefficient between the first response page and the second response page corresponding to the first dummy request is larger than the first threshold value;
a second determining unit, configured to determine a third jaccard coefficient between the first response page and a fourth response page corresponding to the second real request if the second jaccard coefficient is smaller than the second threshold;
A first calculation unit configured to calculate a first difference between the third jaccard coefficient and the first jaccard coefficient;
the second determining unit is further configured to determine a fourth jaccard coefficient between the first response page and a fifth response page corresponding to the second fake request if the first difference value is smaller than a third threshold value;
the first calculating unit is further configured to calculate a second difference between the fourth jaccard coefficient and the second jaccard coefficient;
the second determining unit is further configured to determine that the URL request has an SQL injection vulnerability if the second difference is less than a fourth threshold.
Further, the analysis module 40 includes:
the second calculation unit is used for calculating a Jacquard coefficient between a first response page corresponding to the URL request and each sequence response page corresponding to the sequence request;
and a third determining unit, configured to correspond the jaccard coefficient to a similarity value between the first response page and each of the sequence response pages.
Further, the second calculation unit includes:
the segmentation subunit is used for segmenting the texts corresponding to the first response page and the sequence response page into character segments according to a preset line feed character; dividing the character segment into character strings according to preset separators, and correspondingly obtaining elements corresponding to the first response page and the sequence response page;
And the calculating subunit is used for calculating an intersection set and a union set of elements between the first response page and each sequence response page, and dividing the intersection set by the corresponding union set to obtain a corresponding Jacquard coefficient.
It should be noted that, the embodiments of the SQL injection vulnerability detection apparatus are substantially the same as the embodiments of the above-mentioned SQL injection vulnerability detection method, and will not be described in detail herein.
In addition, the invention also provides SQL injection vulnerability detection equipment. As shown in fig. 3, fig. 3 is a schematic structural diagram of a hardware running environment according to an embodiment of the present invention.
It should be noted that fig. 3 may be a schematic structural diagram of a hardware operating environment of the SQL injection vulnerability detection device. The SQL injection vulnerability detection device in the embodiment of the invention can be terminal devices such as a PC, a portable computer and the like.
As shown in fig. 3, the SQL injection vulnerability detection apparatus may include: a processor 1001, such as a CPU, memory 1005, user interface 1003, network interface 1004, communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Optionally, the SQL injection vulnerability detection device may further include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and so on.
Those skilled in the art will appreciate that the SQL injection vulnerability detection device architecture shown in FIG. 3 is not limiting and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
As shown in fig. 3, an operating system, a network communication module, a user interface module, and an SQL injection vulnerability detection program may be included in a memory 1005, which is one type of computer storage medium. The operating system is a program for managing and controlling hardware and software resources of the SQL injection vulnerability detection device and supports the operation of the SQL injection vulnerability detection program and other software or programs.
In the SQL injection vulnerability detection device shown in FIG. 3, the user interface 1003 may be used for a terminal held by a user to communicate data with the terminal held by the user; the network interface 1004 is mainly used for connecting a background server and carrying out data communication with the background server; the processor 1001 may be configured to invoke the SQL injection vulnerability detection program stored in the memory 1005 and perform the steps of the SQL injection vulnerability detection method as described above.
The specific implementation manner of the SQL injection vulnerability detection device is basically the same as that of each embodiment of the SQL injection vulnerability detection method, and is not repeated here.
In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium is stored with an SQL injection vulnerability detection program, and the SQL injection vulnerability detection program realizes the steps of the SQL injection vulnerability detection method when being executed by a processor.
The specific implementation manner of the computer readable storage medium of the present invention is basically the same as the above embodiments of the SQL injection vulnerability detection method, and will not be described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (6)

1. The structured query language SQL injection vulnerability detection method is characterized by comprising the following steps of:
after a Uniform Resource Locator (URL) request of a website to be tested is obtained, determining a detection point of the URL request, and constructing a sequence request of the detection point corresponding to a Boolean logic parameter;
obtaining response pages obtained after the URL request and the sequence request are executed, and carrying out similarity analysis on the response pages to obtain similarity values between response pages corresponding to the URL request and response pages corresponding to each request in the sequence request;
if the similarity value meets a preset condition, determining that SQL injection holes exist in the URL request;
the step of constructing the sequence request of the detection point corresponding to the Boolean logic parameter comprises the following steps:
constructing a request of logical true condition for each detection point in the URL request, and marking the request as a first true request;
constructing a request of logic false condition for each detection point in the URL request, marking the request as a first false request, constructing a confirmation request of logic true condition for the first true request, marking the request as a second true request;
constructing a validation request of a logic false condition for the first false request, and recording the validation request as a second false request to form a sequence request comprising the first true request, the first false request, the second true request and the second false request;
If the similarity value meets a preset condition, the step of determining that the URL request has an SQL injection vulnerability includes:
if the first Jacquard coefficient between the first response page corresponding to the URL request and the second response page corresponding to the first real request is determined to be larger than a first threshold value, judging whether the second Jacquard coefficient between the first response page and the third response page corresponding to the first real request is smaller than a second threshold value or not;
if the second Jacquard coefficient is smaller than the second threshold value, determining a third Jacquard coefficient between the first response page and a fourth response page corresponding to the second real request, and calculating a first difference value between the third Jacquard coefficient and the first Jacquard coefficient;
if the first difference value is smaller than a third threshold value, determining a fourth Jacquard coefficient between the first response page and a fifth response page corresponding to the second fake request, and calculating a second difference value between the fourth Jacquard coefficient and the second Jacquard coefficient;
and if the second difference value is smaller than a fourth threshold value, determining that SQL injection holes exist in the URL request.
2. The method for detecting the SQL injection vulnerability according to claim 1, wherein the step of obtaining the response page obtained after executing the URL request and the sequence request, and performing similarity analysis on the response page to obtain a similarity value between the response page corresponding to the URL request and the response page corresponding to each request in the sequence request comprises:
Acquiring response pages obtained by executing the URL request and the sequence request correspondingly, and calculating a Jaccard coefficient between a first response page corresponding to the URL request and each sequence response page corresponding to the sequence request;
and correspondingly taking the Jaccard coefficient as a similarity value between the first response page and each sequence response page.
3. The method of claim 2, wherein the step of obtaining response pages corresponding to the URL request and the sequence request, and calculating a jaccard coefficient between a first response page corresponding to the URL request and each sequence response page corresponding to the sequence request comprises:
acquiring response pages corresponding to the URL request and the sequence request, and dividing texts corresponding to the first response page and the sequence response page into character segments according to preset line-wrapping symbols;
dividing the character segment into character strings according to preset separators, and correspondingly obtaining elements corresponding to the first response page and the sequence response page;
and calculating an intersection and a union of elements between the first response page and each sequence response page, and dividing the intersection by the corresponding union to obtain a corresponding Jacquard coefficient.
4. An SQL injection vulnerability detection device, wherein the SQL injection vulnerability detection device comprises:
the determining module is used for determining a detection point of the URL request after acquiring the URL request of the uniform resource locator of the website to be tested;
the construction module is used for constructing a sequence request of the detection point corresponding to the Boolean logic parameter;
the acquisition module is used for acquiring a response page obtained after the URL request and the sequence request are executed;
the analysis module is used for carrying out similarity analysis on the response pages to obtain similarity values between the response pages corresponding to the URL requests and the response pages corresponding to each request in the sequence requests;
the determining module is further configured to determine that the URL request has an SQL injection vulnerability if the similarity value satisfies a preset condition;
the construction module is further configured to construct a request of a logical true condition for each detection point in the URL request, and record the request as a first true request;
constructing a request of logic false condition for each detection point in the URL request, marking the request as a first false request, constructing a confirmation request of logic true condition for the first true request, marking the request as a second true request;
Constructing a validation request of a logic false condition for the first false request, and recording the validation request as a second false request to form a sequence request comprising the first true request, the first false request, the second true request and the second false request;
the determining module is further configured to determine, if it is determined that a first jaccard coefficient between a first response page corresponding to the URL request and a second response page corresponding to the first real request is greater than a first threshold, whether a second jaccard coefficient between the first response page and a third response page corresponding to the first real request is less than a second threshold;
if the second Jacquard coefficient is smaller than the second threshold value, determining a third Jacquard coefficient between the first response page and a fourth response page corresponding to the second real request, and calculating a first difference value between the third Jacquard coefficient and the first Jacquard coefficient;
if the first difference value is smaller than a third threshold value, determining a fourth Jacquard coefficient between the first response page and a fifth response page corresponding to the second fake request, and calculating a second difference value between the fourth Jacquard coefficient and the second Jacquard coefficient;
And if the second difference value is smaller than a fourth threshold value, determining that SQL injection holes exist in the URL request.
5. An SQL injection hole detection device, characterized in that it comprises a memory, a processor and an SQL injection hole detection program stored on the memory and executable on the processor, the SQL injection hole detection program implementing the steps of the SQL injection hole detection method according to any one of claims 1 to 3 when executed by the processor.
6. A computer readable storage medium, wherein the computer readable storage medium has stored thereon an SQL injection vulnerability detection program, which when executed by a processor, implements the steps of the SQL injection vulnerability detection method of any one of claims 1 to 3.
CN201811188829.3A 2018-10-11 2018-10-11 SQL injection vulnerability detection method, device, equipment and readable storage medium Active CN109657472B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201811188829.3A CN109657472B (en) 2018-10-11 2018-10-11 SQL injection vulnerability detection method, device, equipment and readable storage medium
PCT/CN2018/122811 WO2020073493A1 (en) 2018-10-11 2018-12-21 Sql injection vulnerability detection method, apparatus and device, and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811188829.3A CN109657472B (en) 2018-10-11 2018-10-11 SQL injection vulnerability detection method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN109657472A CN109657472A (en) 2019-04-19
CN109657472B true CN109657472B (en) 2023-09-22

Family

ID=66110693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811188829.3A Active CN109657472B (en) 2018-10-11 2018-10-11 SQL injection vulnerability detection method, device, equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN109657472B (en)
WO (1) WO2020073493A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111404937B (en) * 2020-03-16 2021-12-10 腾讯科技(深圳)有限公司 Method and device for detecting server vulnerability
US11562095B2 (en) 2021-01-28 2023-01-24 International Business Machines Corporation Reinforcing SQL transactions dynamically to prevent injection attacks

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799830A (en) * 2012-08-06 2012-11-28 厦门市美亚柏科信息股份有限公司 Improved SQL (Structured Query Language) injection flaw detection method
CN103077348A (en) * 2012-12-28 2013-05-01 华为技术有限公司 Method and device for vulnerability scanning of Web site
CN104965784A (en) * 2015-06-16 2015-10-07 广州华多网络科技有限公司 Automatic test method and apparatus
CN105072095A (en) * 2015-07-20 2015-11-18 北京神州绿盟信息安全科技股份有限公司 Method of detecting SQL (Structured Query Language) injection vulnerability and device
CN106411578A (en) * 2016-09-12 2017-02-15 国网山东省电力公司电力科学研究院 Website monitoring system and method applicable to power industry
CN108616527A (en) * 2018-04-16 2018-10-02 贵州大学 One kind is towards SQL injection bug excavation method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7743327B2 (en) * 2006-02-23 2010-06-22 Xerox Corporation Table of contents extraction with improved robustness
US20080065671A1 (en) * 2006-09-07 2008-03-13 Xerox Corporation Methods and apparatuses for detecting and labeling organizational tables in a document
KR101416712B1 (en) * 2012-07-12 2014-07-09 김영근 Method For Implementation Of XML Document With Formal Data and Informal Data
CN106407803B (en) * 2016-08-30 2019-06-14 北京奇虎科技有限公司 The detection method and device of SQL injection loophole

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799830A (en) * 2012-08-06 2012-11-28 厦门市美亚柏科信息股份有限公司 Improved SQL (Structured Query Language) injection flaw detection method
CN103077348A (en) * 2012-12-28 2013-05-01 华为技术有限公司 Method and device for vulnerability scanning of Web site
CN104965784A (en) * 2015-06-16 2015-10-07 广州华多网络科技有限公司 Automatic test method and apparatus
CN105072095A (en) * 2015-07-20 2015-11-18 北京神州绿盟信息安全科技股份有限公司 Method of detecting SQL (Structured Query Language) injection vulnerability and device
CN106411578A (en) * 2016-09-12 2017-02-15 国网山东省电力公司电力科学研究院 Website monitoring system and method applicable to power industry
CN108616527A (en) * 2018-04-16 2018-10-02 贵州大学 One kind is towards SQL injection bug excavation method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Exposing SQL Injection Vulnerability through Penetration Test Based on Finite State Machine;Lei Liu etal.;《2016 2nd IEEE international Conference on Computer and Communications》;第1171-1176页 *
基于DOM树序列值比对的SQL注入漏洞检测;罗明宇;凌捷;;计算机工程与设计(02);第78-82页 *
基于网页DOM树比对的SQL注入漏洞检测;张晨;汪永益;王雄;施凡;;计算机工程(18);第117-121页 *

Also Published As

Publication number Publication date
CN109657472A (en) 2019-04-19
WO2020073493A1 (en) 2020-04-16

Similar Documents

Publication Publication Date Title
US10915828B2 (en) Website address identification method and apparatus
US9525702B2 (en) Similarity search and malware prioritization
US9471714B2 (en) Method for increasing the security level of a user device that is searching and browsing web pages on the internet
CN104766014A (en) Method and system used for detecting malicious website
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN111835777B (en) Abnormal flow detection method, device, equipment and medium
US9275018B2 (en) Techniques for analyzing web pages to determine font subsets
CN104063401A (en) Webpage style address merging method and device
US9449114B2 (en) Removing non-substantive content from a web page by removing its text-sparse nodes and removing high-frequency sentences of its text-dense nodes using sentence hash value frequency across a web page collection
US20130232424A1 (en) User operation detection system and user operation detection method
WO2022063133A1 (en) Sensitive information detection method and apparatus, and device and computer-readable storage medium
CN104023046B (en) Mobile terminal recognition method and device
JP7182764B2 (en) Fraudulent web page detection device, control method and control program for fraudulent web page detection device
WO2021253252A1 (en) Method and apparatus for testing webpage, and electronic device and storage medium
CN109657472B (en) SQL injection vulnerability detection method, device, equipment and readable storage medium
CN114817811B (en) Website analysis method and device
CN107786529B (en) Website detection method, device and system
CN111143722A (en) Method, device, equipment and medium for detecting webpage hidden link
WO2015154270A1 (en) Method and device for information search
CN109150842B (en) Injection vulnerability detection method and device
CN115437930B (en) Webpage application fingerprint information identification method and related equipment
Zhang et al. Detecting bad information in mobile wireless networks based on the wireless application protocol
JP2024507029A (en) Web page identification methods, devices, electronic devices, media and computer programs
CN106033405B (en) Network book catalog integrity detection method and device
CN110825976B (en) Website page detection method and device, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant