CN107358098A - Plug-in based SQL (Structured Query Language) injection detection method and device - Google Patents
Plug-in based SQL (Structured Query Language) injection detection method and device
- Publication number: CN107358098A
- Application number: CN201710574499.0A
- Authority: CN (China)
- Prior art keywords: sql, morphology (lexical structure), complete, database access, sentences (statements)
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
Abstract
The invention discloses a plug-in based SQL (Structured Query Language) injection detection method and device. A SQL interception plug-in is deployed on a World Wide Web (Web) application server, and the following SQL injection detection method is performed in the Web application server: receive a database access request; obtain the request parameter values in the database access request and judge whether the current request parameter value contains a SQL keyword; if the current request parameter value contains a SQL keyword, obtain from the database access request the complete SQL statement that contains the SQL keyword; extract the lexical structure (the token-level form) of the complete SQL statement, and if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, use the SQL interception plug-in to add a SQL interception probe to the database access request. The invention can solve the false-positive and false-negative problems of existing SQL injection detection techniques.
Description
Technical field
The present invention relates to the technical field of network information security, and in particular to a plug-in based SQL (Structured Query Language) injection detection method and device.
Background technology
In the field of network security, when an application is developed in the B/S (browser/server) model, failing to check the legitimacy of the data entered by client-side users leaves the application with a certain security risk: the application may be exposed to SQL (Structured Query Language) injection.
SQL is a database query and programming language used to access data and to query, update and manage relational database systems, and protecting against SQL injection has always been a focus of network security. In a SQL injection, SQL commands are inserted into a Web form, into a domain-name input field, or into the query string of a page request, with the end result that the server is tricked into executing malicious SQL commands. By injecting SQL into an application an attacker mounts an attack that obtains sensitive information and, in some cases, may also cause the loss of server privileges. Defending database systems against SQL injection is therefore very important, and website administrators pay close attention to it.
At present, common SQL injection defence techniques generally use network packet capture: a network security device captures the network packets and then analyses what effect a packet might have once it reaches the server. For example, on a visit to http://www.aaaa.com/a.html1=1or 2=2, a.html is very likely just a static page that performs no operation on the database at all, yet a traditional application firewall must report this access as a SQL attack, which is clearly a false positive. False negatives also occur, when the accessed URL fails to decode or decrypt.
Therefore an accurate SQL injection detection method is urgently needed that avoids the occurrence of both false positives and false negatives.
Summary of the invention
The object of the present invention is to provide a plug-in based SQL (Structured Query Language) injection detection method and device, in order to solve the false-positive and false-negative problems of existing SQL injection detection techniques.
To achieve this object, the method of the invention comprises the following steps.
In the plug-in based SQL injection detection method, a SQL interception plug-in is deployed on the World Wide Web (Web) application server, and the following SQL injection detection method is performed in the Web application server:
Receive a database access request.
Obtain a request parameter value from the database access request and judge whether the current request parameter value contains a SQL keyword.
If the current request parameter value contains a SQL keyword, obtain from the database access request the complete SQL statement that contains the SQL keyword.
Extract the lexical structure (the token-level form) of the complete SQL statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, use the SQL interception plug-in to add a SQL interception probe to the database access request.
Further, the database access request contains two or more request parameter values.
Further, judging whether the current request parameter value contains a SQL keyword also includes:
If the current request parameter value contains no SQL keyword, obtain the next request parameter value.
Further, after extracting the lexical structure of the complete SQL statement, the method also includes:
If the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement, allow the database access request.
Further, before extracting the lexical structure of the complete SQL statement, the method also includes:
Remove the SQL keywords from the complete SQL statement.
The present invention also provides a plug-in based SQL injection detection device. A SQL interception plug-in is deployed on the World Wide Web (Web) application server, and the SQL injection detection device is deployed on the same Web application server.
The SQL injection detection device comprises a receiving module, a first judging module, a second judging module and a blocking module.
The receiving module receives the database access request and passes it to the first judging module.
The first judging module obtains a request parameter value from the database access request and judges whether the current request parameter value contains a SQL keyword; if it does, the database access request is passed to the second judging module.
The second judging module obtains, from the database access request, the complete SQL statement that contains the SQL keyword, and judges whether the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, the database access request is passed to the blocking module.
The blocking module uses the SQL interception plug-in to add a SQL interception probe to the database access request.
Further, the database access request contains two or more request parameter values.
Further, the first judging module is also used to:
Obtain the next request parameter value if it judges that the current request parameter value contains no SQL keyword.
Further, the second judging module is also used to:
Allow the database access request if it judges that the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement.
Further, the second judging module is also used to:
Remove the SQL keywords from the complete SQL statement after the complete SQL statement containing the SQL keyword has been obtained.
The method of the invention has the following advantages:
When judging whether a database access request would cause SQL injection, the present invention first judges whether the request parameter value contains a SQL keyword; if it does, it then judges the lexical structure of the complete SQL statement, and if that lexical structure does not match the native statement, the database access request is judged capable of causing SQL injection. On one hand, judging by SQL keywords avoids false negatives; on the other hand, judging the complete SQL statement excludes SQL that the application itself has built in, or that the program has hard-coded and must execute, and that is not a SQL query produced by the contents of a request parameter value, which avoids false positives. The present invention can therefore fully solve the false-positive and false-negative problems of SQL injection attack detection.
Brief description of the drawings
Fig. 1 is the flow chart of the method provided in Embodiment 1 of the present invention.
Fig. 2 is the structural composition diagram of the device provided in Embodiment 2 of the present invention.
Embodiment
The following embodiments illustrate the present invention but do not limit its scope.
Embodiment 1
The flow of the method of the invention is shown in Fig. 1. A SQL interception plug-in is deployed on the World Wide Web (Web) application server, and the following steps are performed in the Web application server.
The plug-in based SQL (Structured Query Language) injection detection method includes:
S1: receive a database access request.
S2: obtain a request parameter value from the database access request and judge whether the obtained current request parameter value contains a SQL keyword.
If the current request parameter value contains a SQL keyword, perform S3.
S3: obtain, from the database access request, the complete SQL statement that contains the SQL keyword.
S4: extract the lexical structure (the token-level form) of the complete SQL statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, perform S5.
S5: use the SQL interception plug-in to add a SQL interception probe to the database access request, thereby intercepting the database access request that carries a SQL injection risk.
In S2 of this embodiment, when judging whether the current request parameter value contains a SQL keyword, if the current request parameter value contains no SQL keyword, perform S21.
S21: obtain the next database access request and return to S2 to judge again whether the current request parameter value contains a SQL keyword.
In S4 of this embodiment, after the lexical structure of the complete SQL statement has been extracted, if the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement, perform S41.
S41: allow the database access request.
In S4 of this embodiment, before extracting the lexical structure of the complete SQL statement, the method also includes:
Remove the SQL keywords from the complete SQL statement.
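To make steps S1 to S5, S21 and S41 concrete, here is an added Python example; it is not code from the patent or from any product, and it models the method on constructed database access requests. It assumes that the plug-in sees, for each statement the application is about to execute, both the native statement as written by the developer (with `?` placeholders) and the final statement text; the lexical structure is approximated as the sequence of token classes (keyword, identifier, literal, operator, comment), so a literal that happens to contain a keyword keeps the native structure, while a parameter value that breaks out of its literal changes it. The request format, the keyword list, the `intercept_probe` flag standing in for the interception probe, and the three sample requests are all constructed for the example; the optional step of removing SQL keywords from the statement before lexing is not modelled.

```python
import re

# Keyword list consulted in S2 (constructed for this example; a deployment would use a fuller list).
SQL_KEYWORDS = {
    "select", "union", "insert", "update", "delete", "drop", "from", "where",
    "or", "and", "exec", "sleep", "having", "order", "into", "values",
}

# Lexer for statement text. Order matters: comments before operators, strings before words.
_TOKEN_RE = re.compile(
    r"(?P<ws>\s+)"
    r"|(?P<comment>--[^\n]*|/\*.*?\*/)"
    r"|(?P<string>'(?:[^']|'')*')"
    r"|(?P<number>\d+(?:\.\d+)?)"
    r"|(?P<word>[A-Za-z_][A-Za-z0-9_]*)"
    r"|(?P<param>\?)"
    r"|(?P<op><=|>=|<>|!=|[=<>+\-*/%,();.])",
    re.S,
)


def lex_shape(sql):
    """S4: reduce a statement to its lexical structure, a list of token classes.

    Keywords and operators keep their spelling because they define the structure;
    identifiers and literals (strings, numbers, '?' placeholders) are abstracted,
    so the same native statement filled with different values has the same shape.
    """
    shape, pos = [], 0
    while pos < len(sql):
        m = _TOKEN_RE.match(sql, pos)
        if m is None:                 # e.g. an unterminated quote: record it as a structural token
            shape.append("BAD:" + sql[pos])
            pos += 1
            continue
        pos = m.end()
        kind = m.lastgroup
        if kind == "ws":
            continue
        if kind == "comment":
            shape.append("COMMENT")
        elif kind in ("string", "number", "param"):
            shape.append("LIT")
        elif kind == "word":
            word = m.group().lower()
            shape.append("KW:" + word if word in SQL_KEYWORDS else "ID")
        else:
            shape.append("OP:" + m.group())
    return shape


def has_sql_keyword(value):
    """S2: does a request parameter value contain a SQL keyword?"""
    words = {w.lower() for w in re.findall(r"[A-Za-z_]+", value)}
    return bool(words & SQL_KEYWORDS)


def inspect_request(request):
    """Run S1..S5 on one database access request (constructed format).

    request["params"]     -> {parameter name: value}
    request["statements"] -> [(native statement with '?' placeholders, final statement text)]
    Returns ("allow" | "block", reason); on "block" an intercept_probe flag is set on
    the request, standing in for the plug-in's SQL interception probe (S5).
    """
    statements = request.get("statements", [])
    if not statements:
        # Nothing was sent to the database (e.g. a static page), so there is no
        # database access request to judge: no alert, unlike a packet-capture firewall.
        return ("allow", "no database access")
    for name, value in request["params"].items():          # S2, one parameter at a time
        if not has_sql_keyword(value):
            continue                                        # S21: next parameter value
        for native, final in statements:                    # S3: the complete statement carrying it
            if value not in final:
                continue
            if lex_shape(final) != lex_shape(native):       # S4: structures differ
                request["intercept_probe"] = True           # S5
                return ("block", f"parameter {name!r} changed the statement structure")
    return ("allow", "statement structure matches the native query")   # S41


# Constructed sample requests.
STATIC_PAGE = {"params": {"q": "1=1 or 2=2"}, "statements": []}

INJECTED = {
    "params": {"user": "admin' OR 1=1 --", "pw": "x"},
    "statements": [(
        "SELECT id FROM users WHERE name = ? AND pw = ?",
        "SELECT id FROM users WHERE name = 'admin' OR 1=1 --' AND pw = 'x'",
    )],
}

BENIGN_KEYWORD = {   # the search term is the keyword "select", but it stays inside the literal
    "params": {"title": "select"},
    "statements": [(
        "SELECT id FROM articles WHERE title = ?",
        "SELECT id FROM articles WHERE title = 'select'",
    )],
}

if __name__ == "__main__":
    for label, req in [("static", STATIC_PAGE), ("injected", INJECTED), ("benign", BENIGN_KEYWORD)]:
        print(label, inspect_request(req))
```

The three samples map onto the patent's two complaints about packet-capture firewalls: the static page carries `1=1 or 2=2` but never reaches the database, so nothing is judged; the search term `select` trips the keyword check (S2) but the structure comparison (S4) clears it, so the keyword alone does not produce a false positive; only the value that escapes its literal and leaves a trailing comment changes the token sequence and is intercepted.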
The advantages of the method of this embodiment are those stated in the Summary of the invention above: judging by SQL keywords avoids false negatives, and judging the lexical structure of the complete SQL statement excludes the application's own built-in or hard-coded SQL, which avoids false positives.
Embodiment 2
The present invention also provides a device for implementing the plug-in based SQL injection detection method described above. A SQL interception plug-in is deployed on the World Wide Web (Web) application server, and the SQL injection detection device is deployed on the same Web application server. The composition of the device is shown in Fig. 2; it comprises a receiving module, a first judging module, a second judging module and a blocking module.
The receiving module receives the database access request and passes it to the first judging module.
The first judging module obtains a request parameter value from the database access request and judges whether the current request parameter value contains a SQL keyword; if it does, the database access request is passed to the second judging module.
The second judging module obtains, from the database access request, the complete SQL statement that contains the SQL keyword, and judges whether the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, the database access request is passed to the blocking module.
The blocking module uses the SQL interception plug-in to add a SQL interception probe to the database access request, thereby intercepting the database access request that carries a SQL injection risk.
In this embodiment, the first judging module is also used to:
Obtain the next database access request if it judges that the current request parameter value contains no SQL keyword.
In this embodiment, the second judging module is also used to:
Allow the database access request if it judges that the lexical structure of the complete SQL statement is consistent with that of the native SQL query statement.
In this embodiment, the second judging module is also used to:
Remove the SQL keywords from the complete SQL statement after the complete SQL statement containing the SQL keyword has been obtained.
Although the present invention has been described in detail above by way of general explanation and specific embodiments, it will be apparent to those skilled in the art that some modifications or improvements can be made on the basis of the invention. Such modifications or improvements, which do not depart from the spirit of the present invention, fall within the scope of protection of the invention.
Claims (8)
1. A plug-in based SQL (Structured Query Language) injection detection method, characterised in that a SQL interception plug-in is deployed on a World Wide Web (Web) application server and the following SQL injection detection method is performed in the Web application server:
obtaining a request parameter value from a database access request and judging whether the current request parameter value contains a SQL keyword;
if the current request parameter value contains the SQL keyword, obtaining from the database access request the complete SQL statement that contains the SQL keyword;
extracting the lexical structure of the complete SQL statement, and if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, using the SQL interception plug-in to add a SQL interception probe to the database access request.
2. The SQL injection detection method of claim 1, characterised in that judging whether the current request parameter value contains a SQL keyword further comprises:
if the current request parameter value does not contain the SQL keyword, obtaining the next database access request.
3. The SQL injection detection method of claim 1 or 2, characterised in that, after extracting the lexical structure of the complete SQL statement, the method further comprises:
if the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allowing the database access request.
4. The SQL injection detection method of claim 1 or 2, characterised in that, before extracting the lexical structure of the complete SQL statement, the method further comprises:
removing the SQL keywords from the complete SQL statement.
5. A plug-in based SQL (Structured Query Language) injection detection device, characterised in that a SQL interception plug-in is deployed on a World Wide Web (Web) application server and the SQL injection detection device is deployed on the same Web application server;
the SQL injection detection device comprises a receiving module, a first judging module, a second judging module and a blocking module;
the receiving module receives a database access request and passes the database access request to the first judging module;
the first judging module obtains a request parameter value from the database access request and judges whether the current request parameter value contains a SQL keyword, and if the current request parameter value contains a SQL keyword, passes the database access request to the second judging module;
the second judging module obtains from the database access request the complete SQL statement containing the SQL keyword, judges whether the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, and if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, passes the database access request to the blocking module;
the blocking module uses the SQL interception plug-in to add a SQL interception probe to the database access request.
6. The SQL injection detection device of claim 5, characterised in that the first judging module is further used to:
obtain the next database access request if it judges that the current request parameter value does not contain the SQL keyword.
7. The SQL injection detection device of claim 5 or 6, characterised in that the second judging module is further used to:
allow the database access request if it judges that the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement.
8. The SQL injection detection device of claim 5 or 6, characterised in that the second judging module is further used to:
remove the SQL keywords from the complete SQL statement after the complete SQL statement containing the SQL keyword has been obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201710574499.0A (CN107358098A) | 2017-07-14 | 2017-07-14 | Plug-in based SQL (Structured Query Language) injection detection method and device
Publications (1)
Publication Number | Publication Date
---|---
CN107358098A | 2017-11-17
Family
ID=60292647
Family Applications (1)
Application Number | Status | Title | Priority Date | Filing Date
---|---|---|---|---
CN201710574499.0A (CN107358098A) | Pending | Plug-in based SQL (Structured Query Language) injection detection method and device | 2017-07-14 | 2017-07-14
Country Status (1)
Country | Link
---|---
CN (1) | CN107358098A
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN109063013A * | 2018-07-11 | 2018-12-21 | 北京安数云信息技术有限公司 | Database operation behaviour blocking method and device
CN112527620A * | 2020-12-24 | 2021-03-19 | 北京百度网讯科技有限公司 | Database performance analysis method and device, electronic equipment, medium and product
CN112804261A * | 2021-03-19 | 2021-05-14 | 北京安华金和科技有限公司 | Data forwarding control method and device, storage medium and electronic device
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN102185930A * | 2011-06-09 | 2011-09-14 | 北京理工大学 | Method for detecting SQL (structured query language) injection vulnerability
CN102567546A * | 2012-01-18 | 2012-07-11 | 北京神州绿盟信息安全科技股份有限公司 | Structured query language (SQL) injection detection method and SQL injection detection device
CN103338208A * | 2013-07-16 | 2013-10-02 | 五八同城信息技术有限公司 | Method and system for SQL injection and defense
CN103744802A * | 2013-12-20 | 2014-04-23 | 北京奇虎科技有限公司 | Method and device for identifying SQL injection attacks
CN105160252A * | 2015-08-10 | 2015-12-16 | 北京神州绿盟信息安全科技股份有限公司 | Method and apparatus for detecting structured query language injection attack
CN106355094A * | 2016-07-08 | 2017-01-25 | 耿童童 | SQL (structured query language) injection attack defensive system and defensive method based on grammar transformation
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171117