CN107358098A - Plug-in based SQL injection detection method and device - Google Patents

Info

Publication number: CN107358098A
Authority: CN (China)
Prior art keywords: sql, morphology, complete, database access, sentences
Legal status: Pending
Application number: CN201710574499.0A
Other languages: Chinese (zh)
Inventor: 周黎明
Current assignee: Beijing An Information Technology Co Ltd
Original assignee: Beijing An Information Technology Co Ltd
Priority date: 2017-07-14
Filing date: 2017-07-14
Publication date: 2017-11-17

Classifications (all under G Physics > G06 Computing; calculating or counting > G06F Electric digital data processing > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)

    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform to a system of files or objects where protection concerns the structure of data, e.g. records, types, queries

Abstract

The invention discloses a plug-in based SQL (Structured Query Language) injection detection method and device. A SQL interception plug-in is deployed on the Web application server, and the following SQL injection detection method is performed in the Web application server: receive a database access request; obtain the request parameter values in the database access request and judge whether a SQL keyword is present in the current request parameter value; if a SQL keyword is present in the current request parameter value, obtain from the database access request the complete SQL statement that contains the SQL keyword; extract the lexical structure of the complete SQL statement and, if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the application's native SQL query statement, use the SQL interception plug-in to add a SQL interception probe to the database access request. The invention solves the false positive and false negative problems of existing SQL injection detection techniques.

Description

Plug-in based SQL injection detection method and device
Technical field
The present invention relates to the technical field of network information security, and in particular to a plug-in based SQL (Structured Query Language) injection detection method and device.
Background art
In the field of network security, when an application is developed in the B/S (browser/server) model and the legitimacy of the data entered by the client-side user is not checked, the application is left with a potential security hazard: it becomes exposed to SQL (Structured Query Language) injection.
SQL is a database query and programming language used to access data and to query, update and manage relational database systems, and defending against SQL injection has always been a focus of network security. SQL injection inserts SQL commands into a Web form, into a domain name input field, or into the query string of a page request, with the ultimate aim of tricking the server into executing malicious SQL commands. By injecting SQL into an application an attacker can obtain sensitive information and, in some cases, may even gain control of the server. Defending database systems against SQL injection is therefore very important, and website administrators pay great attention to it.
At present, common SQL injection defence techniques generally rely on network packet capture: a security device placed in the network path captures the network packets and analyses what effect a packet might have once it reaches the server. For example, for an access to http://www.aaaa.com/a.html?1=1 or 2=2, a.html is very likely a purely static page that performs no operation on the database at all, yet a traditional application firewall is bound to report this access as a SQL attack, which is clearly a false positive. Conversely, when the accessed URL cannot be decoded or decrypted, false negatives also occur.
An accurate SQL injection detection method that avoids both false positives and false negatives is therefore urgently needed.
Summary of the invention
The object of the present invention is to provide a plug-in based SQL injection detection method and device, so as to solve the false positive and false negative problems of existing SQL injection detection techniques.
To achieve the above object, the method of the invention comprises the following steps:
In the plug-in based SQL injection detection method, a SQL interception plug-in is deployed on the Web application server, and the following SQL injection detection method performed in the Web application server comprises:
receiving a database access request;
obtaining the request parameter values in the database access request and judging whether a SQL keyword is present in the current request parameter value;
if a SQL keyword is present in the current request parameter value, obtaining from the database access request the complete SQL statement that contains the SQL keyword;
extracting the lexical structure of the complete SQL statement and, if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, using the SQL interception plug-in to add a SQL interception probe to the database access request.
Further, the database access request contains two or more request parameter values.
Further, judging whether a SQL keyword is present in the current request parameter value also comprises:
if no SQL keyword is present in the current request parameter value, obtaining the next request parameter value.
Further, after extracting the lexical structure of the complete SQL statement, the method also comprises:
if the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allowing the database access request.
Further, before extracting the lexical structure of the complete SQL statement, the method also comprises:
removing the SQL keywords from the complete SQL statement.
The present invention also provides a plug-in based SQL injection detection device. A SQL interception plug-in is deployed on the Web application server, and the SQL injection detection device is deployed on the same Web application server.
The SQL injection detection device comprises a receiving module, a first judging module, a second judging module and a blocking module.
The receiving module receives the database access request and sends it to the first judging module.
The first judging module obtains the request parameter values in the database access request and judges whether a SQL keyword is present in the current request parameter value; if a SQL keyword is present in the current request parameter value, it sends the database access request to the second judging module.
The second judging module obtains from the database access request the complete SQL statement that contains the SQL keyword and judges whether the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, it sends the database access request to the blocking module.
The blocking module uses the SQL interception plug-in to add a SQL interception probe to the database access request.
Further, the database access request contains two or more request parameter values.
Further, the first judging module is also used to:
if it judges that no SQL keyword is present in the current request parameter value, obtain the next request parameter value.
Further, the second judging module is also used to:
if it judges that the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allow the database access request.
Further, the second judging module is also used to:
after obtaining the complete SQL statement that contains the SQL keyword, remove the SQL keywords from the complete SQL statement.
The method of the invention has the following advantages:
When judging whether a database access request would cause SQL injection, the invention first judges whether a SQL keyword is present in a request parameter value; if a SQL keyword is present, it then judges the lexical structure of the complete SQL statement, and if that lexical structure does not match the native statement, the database access request is judged to be capable of causing SQL injection. On the one hand, judging by SQL keywords avoids false negatives; on the other hand, judging the complete SQL statement excludes SQL that the application itself has built in or hard-coded and must execute, as opposed to a SQL query produced by content carried in a request parameter value, which avoids false positives. The invention can therefore fully solve the false positive and false negative problems of SQL injection attack detection.
Brief description of the drawings
Fig. 1 is the flow chart of the method provided by embodiment 1 of the present invention.
Fig. 2 is the structural diagram of the device provided by embodiment 2 of the present invention.
Detailed description of the embodiments
The following embodiments are used to illustrate the present invention but do not limit its scope.
Embodiment 1
The flow of the method of the invention is shown in Fig. 1. A SQL interception plug-in is deployed on the Web application server, and the following steps of the plug-in based SQL injection detection method are performed in the Web application server:
S1: receive a database access request.
S2: obtain the request parameter values in the database access request and judge whether a SQL keyword is present in the current request parameter value obtained.
If a SQL keyword is present in the current request parameter value, perform S3.
S3: obtain from the database access request the complete SQL statement that contains the SQL keyword.
S4: extract the lexical structure of the complete SQL statement; if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, perform S5.
S5: use the SQL interception plug-in to add a SQL interception probe to the database access request, thereby intercepting the database access request that carries a SQL injection risk.
In S2 of this embodiment, when judging whether a SQL keyword is present in the current request parameter value, if no SQL keyword is present in the current request parameter value, perform S21.
S21: obtain the next database access request and return to S2 to judge again whether a SQL keyword is present in the current request parameter value.
In S4 of this embodiment, after the lexical structure of the complete SQL statement has been extracted, if the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, perform S41.
S41: allow the database access request.
In S4 of this embodiment, before extracting the lexical structure of the complete SQL statement, the method further comprises:
removing the SQL keywords from the complete SQL statement.
Embodiment 2
The present invention also provides a device for implementing the above plug-in based SQL injection detection method. A SQL interception plug-in is deployed on the Web application server, and the SQL injection detection device is deployed on the same Web application server. The block diagram of the device is shown in Fig. 2; it comprises a receiving module, a first judging module, a second judging module and a blocking module.
The receiving module receives the database access request and sends it to the first judging module.
The first judging module obtains the request parameter values in the database access request and judges whether a SQL keyword is present in the current request parameter value; if a SQL keyword is present in the current request parameter value, it sends the database access request to the second judging module.
The second judging module obtains from the database access request the complete SQL statement that contains the SQL keyword and judges whether the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement; if the lexical structure of the complete SQL statement is inconsistent with that of the native SQL query statement, it sends the database access request to the blocking module.
The blocking module uses the SQL interception plug-in to add a SQL interception probe to the database access request, thereby intercepting the database access request that carries a SQL injection risk.
In this embodiment, the first judging module is also used to:
if it judges that no SQL keyword is present in the current request parameter value, obtain the next database access request.
In this embodiment, the second judging module is also used to:
if it judges that the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allow the database access request.
In this embodiment, the second judging module is also used to:
after obtaining the complete SQL statement that contains the SQL keyword, remove the SQL keywords from the complete SQL statement.
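The detection flow of embodiments 1 and 2 (steps S1 to S5, S21 and S41, and the four modules) placed beside the packet-capture keyword check that the background criticises, as an added Python example. This is example code written for this page, not code from the patent or its assignee, and everything concrete in it is a constructed assumption: the SQL keyword list, the two routes with their native queries and the deliberately unsafe string concatenation that yields the complete SQL statement, the static page /a.html, the token kinds used as the lexical structure, and the sample URLs (the first of which is the background's own example).

```python
"""Added example for this page, not code from the patent or its assignee: the
plug-in check of embodiments 1 and 2 beside the packet-capture keyword check
the background criticises. Keywords, routes, native queries, the unsafe
concatenation and the sample URLs are constructed assumptions."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed keyword list; a real deployment would follow the DBMS dialect.
SQL_KEYWORDS = {"select", "union", "insert", "update", "delete", "drop", "table",
                "from", "where", "or", "and", "sleep", "benchmark", "exec"}
KEYWORD_RE = re.compile(r"\b(" + "|".join(sorted(SQL_KEYWORDS)) + r")\b", re.I)

TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<str>'(?:[^']|'')*')             # single-quoted string literal
  | (?P<num>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<comment>--|\#)                   # everything after it is dead
  | (?P<param>\?)                        # placeholder in the native query
  | (?P<op>=|<>|!=|<=|>=|<|>|[-+*/,();])
  | (?P<other>.)
""", re.VERBOSE)

# Constructed routes: parameter name, the application's native parameterised
# query, and the vulnerable concatenation that builds the executed statement.
# None marks a static page that never issues a database access request.
ROUTES = {
    "/user": ("id", "SELECT name FROM users WHERE id = ?",
              "SELECT name FROM users WHERE id = {}"),
    "/search": ("q", "SELECT id FROM books WHERE title = ?",
                "SELECT id FROM books WHERE title = '{}'"),
    "/a.html": None,
}


def has_sql_keyword(value):
    """Step S2: cheap pre-filter on one decoded request parameter value."""
    return KEYWORD_RE.search(value) is not None


def lex(sql):
    """Lexical structure of a statement: the sequence of token kinds, with
    keywords spelled out so OR/UNION/DROP are not confused with identifiers."""
    kinds = []
    for m in TOKEN_RE.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "ws":
            continue
        if kind == "ident" and text.lower() in SQL_KEYWORDS:
            kinds.append("KW:" + text.upper())
        elif kind == "comment":
            kinds.append("COMMENT")
            break
        else:
            kinds.append(kind.upper())
    return kinds


def structure_matches(native_sql, actual_sql):
    """Step S4: consistent when each placeholder of the native query is filled
    by exactly one literal token and nothing else in the token sequence differs."""
    native, actual = lex(native_sql), lex(actual_sql)
    if len(native) != len(actual):
        return False
    for n, a in zip(native, actual):
        if n == "PARAM":
            if a not in ("NUM", "STR"):
                return False
        elif n != a:
            return False
    return True


def inspect_db_access(native_sql, actual_sql, params):
    """Steps S2 to S5 as the plug-in sees one database access request."""
    for _name, value in params:
        if not has_sql_keyword(value):
            continue                          # S21: move on to the next value
        # S3/S4: the complete statement carrying the keyword vs. the native form
        if not structure_matches(native_sql, actual_sql):
            return "block"                    # S5: add the interception probe
    return "allow"                            # S41


def handle_request(url):
    """Entry point inside the Web application server: the URL is already
    decoded here, and a static page never produces a database access request."""
    parts = urlsplit(url)
    route = ROUTES.get(parts.path)
    if route is None:
        return "allow"                        # nothing for the plug-in to see
    pname, native_sql, unsafe_fmt = route
    params = parse_qsl(parts.query, keep_blank_values=True)
    actual_sql = unsafe_fmt.format(dict(params).get(pname, ""))
    return inspect_db_access(native_sql, actual_sql, params)


def naive_keyword_waf(url):
    """The background's packet-capture style check: a keyword match on the raw
    URL, knowing neither whether SQL is executed nor how it is built."""
    return "block" if KEYWORD_RE.search(url) else "allow"
```

Running handle_request on http://www.aaaa.com/a.html?1=1 or 2=2 returns "allow", because a static page produces no database access request for the plug-in to inspect, while naive_keyword_waf returns "block" on the same URL (the background's false positive). For /user?id=1%20OR%201%3D1 the roles reverse: the plug-in sees the decoded value, finds the keyword, lexes the executed statement WHERE id = 1 OR 1=1 into a longer token sequence than the native query and blocks, whereas the whole-word keyword match on the raw URL finds nothing and lets it through (the background's false negative). A value such as Andrew from Oregon contains the keyword "from" yet lands inside a single string literal, so the two lexical structures agree and the request is allowed.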
Although the present invention has been described in detail above with general explanations and specific embodiments, it is apparent to those skilled in the art that modifications or improvements can be made on the basis of the invention. Such modifications or improvements, provided they do not depart from the spirit of the present invention, fall within the scope of protection claimed by the present invention.

Claims (8)

1. A plug-in based SQL (Structured Query Language) injection detection method, characterised in that a SQL interception plug-in is deployed on a Web application server and the following SQL injection detection method performed in the Web application server comprises:
obtaining the request parameter values in a database access request and judging whether a SQL keyword is present in the current request parameter value;
if the SQL keyword is present in the current request parameter value, obtaining from the database access request the complete SQL statement that contains the SQL keyword;
extracting the lexical structure of the complete SQL statement and, if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, using the SQL interception plug-in to add a SQL interception probe to the database access request.
2. The SQL injection detection method of claim 1, characterised in that judging whether a SQL keyword is present in the current request parameter value further comprises:
if the SQL keyword is not present in the current request parameter value, obtaining the next database access request.
3. The SQL injection detection method of claim 1 or 2, characterised in that, after extracting the lexical structure of the complete SQL statement, the method further comprises:
if the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allowing the database access request.
4. The SQL injection detection method of claim 1 or 2, characterised in that, before extracting the lexical structure of the complete SQL statement, the method further comprises:
removing the SQL keywords from the complete SQL statement.
5. A plug-in based SQL (Structured Query Language) injection detection device, characterised in that a SQL interception plug-in is deployed on a Web application server and the SQL injection detection device is deployed on the same Web application server;
the SQL injection detection device comprises a receiving module, a first judging module, a second judging module and a blocking module;
the receiving module is used to receive a database access request and send the database access request to the first judging module;
the first judging module is used to obtain the request parameter values in the database access request and judge whether a SQL keyword is present in the current request parameter value and, if a SQL keyword is present in the current request parameter value, to send the database access request to the second judging module;
the second judging module is used to obtain from the database access request the complete SQL statement that contains the SQL keyword, to judge whether the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement and, if the lexical structure of the complete SQL statement is inconsistent with the lexical structure of the native SQL query statement, to send the database access request to the blocking module;
the blocking module is used to add a SQL interception probe to the database access request using the SQL interception plug-in.
6. The SQL injection detection device of claim 5, characterised in that the first judging module is further used to:
if it judges that the SQL keyword is not present in the current request parameter value, obtain the next database access request.
7. The SQL injection detection device of claim 5 or 6, characterised in that the second judging module is further used to:
if it judges that the lexical structure of the complete SQL statement is consistent with the lexical structure of the native SQL query statement, allow the database access request.
8. The SQL injection detection device of claim 5 or 6, characterised in that the second judging module is further used to:
after obtaining the complete SQL statement that contains the SQL keyword, remove the SQL keywords from the complete SQL statement.

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN201710574499.0A | CN107358098A (en) | 2017-07-14 | 2017-07-14 | Plug-in based SQL injection detection method and device

Publications (1)

Publication Number | Publication Date
CN107358098A (en) | 2017-11-17

Family

ID=60292647

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109063013A (en) * 2018-07-11 2018-12-21 北京安数云信息技术有限公司 A behaviour-based database operation blocking method and device
CN112527620A (en) * 2020-12-24 2021-03-19 北京百度网讯科技有限公司 Database performance analysis method and device, electronic equipment, medium and product
CN112804261A (en) * 2021-03-19 2021-05-14 北京安华金和科技有限公司 Data forwarding control method and device, storage medium and electronic device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102185930A (en) * 2011-06-09 2011-09-14 北京理工大学 Method for detecting SQL (structured query language) injection vulnerability
CN102567546A (en) * 2012-01-18 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Structured query language (SQL) injection detection method and SQL injection detection device
CN103338208A (en) * 2013-07-16 2013-10-02 五八同城信息技术有限公司 Method and system for SQL injection and defense
CN103744802A (en) * 2013-12-20 2014-04-23 北京奇虎科技有限公司 Method and device for identifying SQL injection attacks
CN105160252A (en) * 2015-08-10 2015-12-16 北京神州绿盟信息安全科技股份有限公司 Method and apparatus for detecting structured query language injection attack
CN106355094A (en) * 2016-07-08 2017-01-25 耿童童 SQL (structured query language) injection attack defensive system and defensive method based on grammar transformation

Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 2017-11-17
SE01 | Entry into force of request for substantive examination |
RJ01 | Rejection of invention patent application after publication |