CN103441985B - A SQL injection vulnerability detection method for the COOKIE channel - Google Patents

Info

Publication number: CN103441985B
Application number: CN201310317265.XA
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN103441985A
Priority and filing date: 2013-07-25
Legal status: Active
Prior art keywords: cookie, statement, sql, sql injection, cookie value
Inventors: 冯谷, 余勇, 张小键, 郭骞, 石聪聪, 鲍兴川, 高鹏, 蒋诚智, 俞庚申, 范杰, 曹宛恬, 李尼格
Original assignees: State Grid Corp of China SGCC; China Electric Power Research Institute Co Ltd CEPRI; Global Energy Interconnection Research Institute
Current assignees: State Grid Corp of China SGCC; China Electric Power Research Institute Co Ltd CEPRI; Smart Grid Research Institute of SGCC

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a SQL injection vulnerability detection method for the COOKIE channel, comprising the following steps: form the initial SQL injection test statement from the user's COOKIE value; intercept and modify the COOKIE value submitted by the user; generate the final SQL injection test statement from the modified COOKIE value; the page obtains the final SQL injection test statement; return the page that executed the SQL injection test statement. The invention is mainly aimed at the problem that anti-SQL-injection measures protect against SQL injection incompletely. By forming a SQL injection test statement from the submitted COOKIE value, checking whether the program accepts the COOKIE value, and comparing the data returned by the page, it finally detects the SQL injection problem in the program's handling of the COOKIE value.

Description

A SQL injection vulnerability detection method for the COOKIE channel
Technical field
The invention belongs to the field of network security detection technology and specifically relates to a SQL injection vulnerability detection method for the COOKIE channel.
Background art
In recent years SQL injection attacks have haunted many enterprises like a ghost and have become a nightmare that makes them shudder. Every year large-scale SQL injection attacks compromise and loot a great many websites; even Apple's website did not escape. The rampant spread of these attacks shows the industry how popular they have become: hackers increasingly favour this attack pattern because it can penetrate into the enterprise's infrastructure and database resources.
With the development of B/S (browser/server) application development, more and more programs are written in this model, but because programmers' skill levels are uneven, a large proportion of these applications carry latent security risks. A user can submit a piece of database query code and, from the result the program returns, obtain data he wants to know; this is the so-called SQL injection.
SQL injection through the COOKIE channel is harder to discover than traditional SQL injection, and simple detection means cannot find SQL injection vulnerabilities in the COOKIE channel. To prevent SQL injection simply and quickly, many administrators use general-purpose anti-SQL-injection programs. Many of these programs filter the data the user submits by POST and by GET but lack protection at the COOKIE data layer; and because programmers do not define variables strictly when writing code, the program also accepts the COOKIE value. The COOKIE value can be modified on the local machine, so a hacker can perform SQL injection by constructing the COOKIE value locally. For this reason, this patent proposes a SQL injection vulnerability detection technique for the COOKIE channel: by intercepting the COOKIE value and comparing the program's page data for differences, it judges whether SQL injection exists and whether the anti-SQL-injection program thoroughly prevents SQL injection, thereby solving the SQL injection problem in the COOKIE channel.
In the scripting languages commonly used by WEB applications (ASP.NET, PHP or JSP), the SQL statement of a typical news display page can be written as:
id = request("id")
' In classic ASP, Request("id") with no collection name also searches Request.Cookies,
' so the ID can arrive in a cookie as well as in the query string or form.
strSQL = "select * from news where ID=" & id
Normally we obtain the variable id submitted by the user, submit the strSQL query to the database and check the returned value, and thereby display the correct news item. Under normal circumstances this query statement displays the news content, but when an attacker enters a carefully constructed statement, the SQL statement we submit to the database and its execution result are found to change. For example, if the attacker sets id to "1 and 1=1" and to "1 and 1=2", the whole query statement becomes:
strSQL1 = "select * from news where ID=1 and 1=1"
strSQL2 = "select * from news where ID=1 and 1=2"
Because the conditions of these two SQL statements differ, the content the page returns also differs. If the attacker goes on to construct other SQL statements, the database administrator table information can be queried; the greatest harm of a SQL injection vulnerability is that the attacker can construct arbitrary SQL statements to query the database contents and can query, insert, update and delete in the database. In theory a SQL injection vulnerability can exist at every point where an application program interacts with the database, and a medium-sized application system may have hundreds of such points. Because the SQL statement is assembled from the user's input and the original statement supplied by the program, analysing and guarding against user input is extremely difficult.
At present the defence mechanisms against SQL injection attacks are mainly the following:
1. Manually add parameter-filtering statements that strictly filter user input.
2. Formulate a keyword set and match all user input against each keyword in the set; if a keyword appears in the user's input, the input is judged illegal.
3. Use a general-purpose anti-SQL-injection program; such programs exist for the different scripting languages ASP, PHP and JSP. However, some general-purpose anti-SQL-injection programs cannot completely prevent SQL injection vulnerabilities.
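As an added illustration of the coverage gap the background section describes (example code, not part of the patent): a keyword-set filter of the kind in mechanism 2, written in Python, applied first to the GET and POST parameters only, as many general-purpose filters do, and then to the cookie channel as well. The request structure, the keyword set and the function names are assumptions constructed for the example.

```python
# Added example, not the patent's code: a keyword-set filter (defence
# mechanism 2) applied to the GET/POST channels only, then to cookies as well.
import re

# Constructed keyword set; a production blacklist would be longer.
SQL_KEYWORDS = {"select", "union", "insert", "update", "delete", "drop",
                "and", "or", "--", ";"}

# Pull out words and the two symbol tokens, so the "and" inside "1 and 1=1"
# is matched as a word rather than the whole value being compared as one string.
_TOKEN = re.compile(r"[A-Za-z_]+|--|;")


def is_illegal_input(value: str) -> bool:
    """True when any keyword in the set appears in the value, case-insensitively."""
    tokens = {t.lower() for t in _TOKEN.findall(value)}
    return bool(tokens & SQL_KEYWORDS)


def filter_request(request: dict, channels=("query", "form")) -> list:
    """Return 'channel.name' for every parameter judged illegal.

    `request` is a constructed dict with 'query', 'form' and 'cookies' sub-dicts.
    The default `channels` mirrors a general-purpose filter that covers only GET
    and POST; pass ("query", "form", "cookies") to cover the cookie layer too.
    """
    flagged = []
    for channel in channels:
        for name, value in request.get(channel, {}).items():
            if is_illegal_input(value):
                flagged.append(f"{channel}.{name}")
    return flagged


# Constructed request: the patent's test value placed in the ID cookie, with
# clean GET/POST data so that only the cookie can trip the filter.
SAMPLE_REQUEST = {
    "query": {"page": "news"},
    "form": {},
    "cookies": {"ID": "1 and 1=1"},
}


def coverage_gap_demo() -> tuple:
    """Same request, filtered first on GET/POST only, then on all three channels."""
    get_post_only = filter_request(SAMPLE_REQUEST)
    all_channels = filter_request(SAMPLE_REQUEST, channels=("query", "form", "cookies"))
    return get_post_only, all_channels


if __name__ == "__main__":
    print(coverage_gap_demo())
```

Run stand-alone, the first pass flags nothing and the second flags `cookies.ID`: the filter logic is identical, only its coverage of input channels differs. The same keyword set also rejects harmless text such as "rock and roll", which is why a blacklist is a stopgap; binding values as query parameters removes the dependence on channel coverage altogether.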
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a SQL injection vulnerability detection method for the COOKIE channel, mainly aimed at the problem that anti-SQL-injection measures protect against SQL injection incompletely. By forming a SQL injection test statement from the submitted COOKIE value, checking whether the program accepts the COOKIE value and comparing the data returned by the page, it finally detects the SQL injection problem in the program's handling of the COOKIE value.
To achieve the above purpose, the present invention adopts the following technical scheme:
A SQL injection vulnerability detection method for the COOKIE channel is provided, comprising the following steps:
Step 1: form the initial SQL injection test statement from the user's COOKIE value;
Step 2: intercept and modify the COOKIE value submitted by the user;
Step 3: generate the final SQL injection test statement from the modified COOKIE value;
Step 4: the page obtains the final SQL injection test statement;
Step 5: return the page that executed the SQL injection test statement.
In step 1, the javascript:alert method is used to submit a test value for a certain variable, forming the initial SQL injection test statement; the statement is modified by COOKIE encoding, and finally the escape function under COOKIE encoding is used together with the javascript:alert method to submit the COOKIE value.
Step 2 comprises the following steps:
Step 2-1: check and modify the COOKIE value submitted by the user so that its format and syntax are correct, finally forming in the COOKIE value the initial SQL injection test statement that tests a certain variable;
Step 2-2: submit the COOKIE value through the javascript:alert() function, using the document.cookie method together with the escape function to encode the COOKIE value data; intercept the data submitted by the javascript:alert() function's document.cookie method, verify the intercepted data and, if the data are correct, carry out the submission.
In step 3, intercept the access data of the news page, check the final SQL injection test statement that is generated, and check whether the variable receives the user's COOKIE value; by accessing the news page without parameters and checking the news page's data values, judge whether the news page receives the submitted COOKIE value.
In step 4, the news page variable obtains the final SQL injection test statement through the COOKIE value; by accessing the news page without parameters, check from the access result whether the SQL injection test statement in the COOKIE value has entered the news page.
In step 5, access the news page with its parameters filtered out: after submitting SQL1 and SQL2, access the parameterless news page and compare the data returned by the two news pages. If the data of the two news pages differ, a SQL injection vulnerability in the COOKIE channel exists; if the data of the two news pages are identical, no SQL injection vulnerability in the COOKIE channel exists.
Compared with the prior art, the beneficial effect of the present invention is as follows: the SQL injection vulnerability detection method for the COOKIE channel provided by the present invention is mainly aimed at the problem that anti-SQL-injection measures protect against SQL injection incompletely. By forming a SQL injection test statement from the submitted COOKIE value, checking whether the program accepts the COOKIE value and comparing the data returned by the page, it finally detects the SQL injection problem in the program's handling of the COOKIE value.
Description of the drawings
Fig. 1 is the flow chart of the SQL injection vulnerability detection method for the COOKIE channel;
Fig. 2 is the flow chart of the SQL injection test statement intercepted from the COOKIE value submitted by the user.
Detailed description of the invention
The present invention is described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1 and Fig. 2, a SQL injection vulnerability detection method for the COOKIE channel is provided, comprising the following steps:
Step 1: form the initial SQL injection test statement from the user's COOKIE value;
Step 2: intercept and modify the COOKIE value submitted by the user;
Step 3: generate the final SQL injection test statement from the modified COOKIE value;
Step 4: the page obtains the final SQL injection test statement;
Step 5: return the page that executed the SQL injection test statement.
Step 1 comprises the following steps:
(1) use COOKIE encoding to generate the SQL injection test statement;
(2) use variables to stand for the parts of the SQL statement:
Q1 = javascript:alert, Q2 = document.cookie, Q3 = "ID=";
Q4 = "escape", Q5 = "1 and 1=1", Q6 = "1 and 1=2";
SQL1 = Q1+Q2+Q3+Q4+Q5, SQL2 = Q1+Q2+Q3+Q4+Q6
Step 2 comprises the following steps:
Step 2-1: check and modify the COOKIE value submitted by the user so that its format and syntax are correct, finally forming in the COOKIE value the initial SQL injection test statement that tests a certain variable;
Step 2-2: submit the COOKIE value through the javascript:alert() function, using the document.cookie method together with the escape function to encode the COOKIE value data; intercept the data submitted by the javascript:alert() function's document.cookie method, verify the intercepted data and, if the data are correct, carry out the submission.
The COOKIE value submitted by the user is checked; its format and syntax must be correct, so that the data finally contain the SQL injection test statement that tests a certain variable:
(1) SQL1 = javascript:alert(document.cookie="ID="+escape("1 and 1=1"))
(2) SQL2 = javascript:alert(document.cookie="ID="+escape("1 and 1=2"))
In step 3, intercept the access data of the news page, check the final SQL injection test statement that is generated, and check whether the variable receives the user's COOKIE value; by accessing the news page without parameters and checking the news page's data values, judge whether the news page receives the submitted COOKIE value. Here "SQL" denotes the program's original query text, as in strSQL above:
(1) strSQL1 = "SQL" + SQL1
(2) strSQL2 = "SQL" + SQL2
In step 4, the news page variable obtains the final SQL injection test statement through the COOKIE value; by accessing the news page without parameters, check from the access result whether the SQL injection test statement in the COOKIE value has entered the news page:
(1) strSQL1 = "select * from news where ID=1 and 1=1"
(2) strSQL2 = "select * from news where ID=1 and 1=2"
In step 5, access the news page with its parameters filtered out: after submitting SQL1 and SQL2, access the parameterless news page and compare the data returned by the two news pages. If the data of the two news pages differ, a SQL injection vulnerability in the COOKIE channel exists; if the data of the two news pages are identical, no SQL injection vulnerability in the COOKIE channel exists.
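The step 5 comparison, as an added worked example in Python that is not part of the patent: a constructed in-memory SQLite news table stands in for the site's database; one handler builds strSQL by concatenating the ID cookie exactly as the page's ASP example does, and a hardened handler validates the value and binds it as a query parameter. The probe submits the two test values Q5 and Q6 in the ID cookie, percent-encoded with urllib.parse.quote as a stand-in for the escape() function in SQL1 and SQL2 (the two encodings agree on these values), and reports whether the two returned pages differ. The table contents, handler names and probe function are constructed for the example.

```python
# Added example, not the patent's code: the step 5 comparison run against a
# simulated news page. The table, handler names and probe are constructed.
import sqlite3
from urllib.parse import quote, unquote

# Q5 and Q6 from the patent: the two test values whose pages are compared.
TEST_VALUES = ("1 and 1=1", "1 and 1=2")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory news table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table news (ID integer primary key, title text)")
    conn.executemany(
        "insert into news values (?, ?)",
        [(1, "Grid maintenance notice"), (2, "Substation upgrade"), (3, "Outage report")],
    )
    return conn


def encode_cookie(value: str) -> str:
    """Stand-in for the JavaScript escape() used in SQL1/SQL2 (assumption:
    percent-encoding with urllib.parse.quote matches escape() for these values)."""
    return quote(value, safe="")


def news_page_concatenated(conn: sqlite3.Connection, cookies: dict) -> list:
    """Reads ID from the cookie and splices it into strSQL, as in the page's ASP example."""
    raw_id = unquote(cookies.get("ID", ""))
    str_sql = "select * from news where ID=" + raw_id
    try:
        return conn.execute(str_sql).fetchall()
    except sqlite3.Error:
        return []  # an error page, modelled here as an empty result


def news_page_hardened(conn: sqlite3.Connection, cookies: dict) -> list:
    """Hardened handler: the cookie must be an integer and is bound as a parameter."""
    raw_id = unquote(cookies.get("ID", ""))
    try:
        news_id = int(raw_id)
    except ValueError:
        return []  # reject anything that is not a plain news ID
    return conn.execute("select * from news where ID=?", (news_id,)).fetchall()


def cookie_injection_check(handler, conn: sqlite3.Connection) -> dict:
    """Step 5: submit both encoded test values in the ID cookie and compare the two pages.

    A difference between the pages means the cookie value reached the query and
    changed its condition; identical pages mean the handler did not let it do so.
    """
    pages = [handler(conn, {"ID": encode_cookie(v)}) for v in TEST_VALUES]
    return {"pages": pages, "vulnerable": pages[0] != pages[1]}


def run_demo() -> dict:
    """Run the check against both handlers, each on a fresh database."""
    return {
        "concatenated": cookie_injection_check(news_page_concatenated, make_db()),
        "hardened": cookie_injection_check(news_page_hardened, make_db()),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, "vulnerable" if result["vulnerable"] else "not vulnerable", result["pages"])
```

Against the concatenating handler the "1 and 1=1" page returns news item 1 and the "1 and 1=2" page returns nothing, so the check reports a difference; against the hardened handler both submissions are rejected before reaching the database and the pages are identical. Note what the comparison measures: only a difference in returned content. A handler that never reads the cookie and one that binds it safely both yield identical pages, which is why the patent's step 3 separately checks whether the cookie value is received at all.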
Finally it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention may still be modified or equivalently replaced, and any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall be covered by the scope of the claims of the present invention.

Claims (1)

1. A SQL injection vulnerability detection method for the COOKIE channel, characterised in that the method comprises the following steps:
Step 1: form the initial SQL injection test statement from the user's COOKIE value;
Step 2: intercept and modify the COOKIE value submitted by the user;
Step 3: generate the final SQL injection test statement from the modified COOKIE value;
Step 4: the page obtains the final SQL injection test statement;
Step 5: return the page that executed the SQL injection test statement;
In step 1, the javascript:alert method is used to submit a test value for a certain variable, forming the initial SQL injection test statement; the statement is modified by COOKIE encoding, and finally the escape function under COOKIE encoding is used together with the javascript:alert method to submit the COOKIE value;
Step 2 comprises the following steps:
Step 2-1: check and modify the COOKIE value submitted by the user so that its format and syntax are correct, finally forming in the COOKIE value the initial SQL injection test statement that tests a certain variable;
Step 2-2: submit the COOKIE value through the javascript:alert() function, using the document.cookie method together with the escape function to encode the COOKIE value data; intercept the data submitted by the javascript:alert() function's document.cookie method, verify the intercepted data and, if the data are correct, carry out the submission;
In step 3, intercept the access data of the news page, check the final SQL injection test statement that is generated, and check whether the variable receives the user's COOKIE value; by accessing the news page without parameters and checking the news page's data values, judge whether the news page receives the submitted COOKIE value;
In step 4, the news page variable obtains the final SQL injection test statement through the COOKIE value; by accessing the news page without parameters, check from the access result whether the SQL injection test statement in the COOKIE value has entered the news page;
In step 5, access the news page with its parameters filtered out: after submitting SQL1 and SQL2, access the parameterless news page and compare the data returned by the two news pages; if the data of the two news pages differ, a SQL injection vulnerability in the COOKIE channel exists; if the data of the two news pages are identical, no SQL injection vulnerability in the COOKIE channel exists.
Priority Applications (1)

Application Number: CN201310317265.XA (CN103441985B)
Priority Date: 2013-07-25
Filing Date: 2013-07-25
Title: A SQL injection vulnerability detection method for the COOKIE channel
Status: Active

Publications (2)

CN103441985A (en), published 2013-12-11
CN103441985B (en), granted 2016-09-21

Family

ID=49695650

Country Status (1)

CN (1) CN103441985B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150842B (en) * 2018-07-25 2021-07-09 平安科技(深圳)有限公司 Injection vulnerability detection method and device
CN109120603B (en) * 2018-07-25 2021-05-18 平安科技(深圳)有限公司 Injection vulnerability detection method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459548A (en) * 2007-12-14 2009-06-17 北京启明星辰信息技术股份有限公司 Script injection attack detection method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Web attack and defence tutorial series: cookie injection attack and defence in practice; 北京瑞星信息技术有限公司 (Beijing Rising Information Technology Co., Ltd.); 《瑞星安全月刊》 (Rising Security Monthly); 2012-08-23; page 2, lines 5 to 15 *

Legal Events

Code  Title
C06   Publication
PB01  Publication
C10   Entry into substantive examination
SE01  Entry into force of request for substantive examination
C41   Transfer of patent application or patent right or utility model
TA01  Transfer of patent application right
      Effective date of registration: 20160425
      Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing
      Applicants after: State Grid Corporation of China; China Electric Power Research Institute; State Grid Smart Grid Institute
      Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing
      Applicants before: State Grid Corporation of China; China Electric Power Research Institute
CB02  Change of applicant information
      Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing
      Applicants after: State Grid Corporation of China; China Electric Power Research Institute; GLOBAL ENERGY INTERCONNECTION RESEARCH INSTITUTE
      Address before: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing
      Applicants before: State Grid Corporation of China; China Electric Power Research Institute; State Grid Smart Grid Institute
COR   Change of bibliographic data
C14   Grant of patent or utility model
GR01  Patent grant