CN109145594B - Vulnerability detection method and device - Google Patents
Vulnerability detection method and device Download PDFInfo
- Publication number
- CN109145594B CN109145594B CN201810804099.9A CN201810804099A CN109145594B CN 109145594 B CN109145594 B CN 109145594B CN 201810804099 A CN201810804099 A CN 201810804099A CN 109145594 B CN109145594 B CN 109145594B
- Authority
- CN
- China
- Prior art keywords
- target
- file
- detection load
- type detection
- target interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 206
- 230000003068 static effect Effects 0.000 claims abstract description 28
- 238000004891 communication Methods 0.000 claims description 18
- 238000000034 method Methods 0.000 claims description 11
- 238000012360 testing method Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The disclosure relates to the technical field of network security, and particularly provides a vulnerability detection method and device, wherein the vulnerability detection method comprises the following steps: acquiring a target link, wherein the target link is used for indicating to access a target interface; acquiring path information of the target file according to the target link, wherein the path information of the target file is used for indicating a path for accessing the target interface; generating at least one detection load according to the path information of the target file, wherein the at least one detection load comprises at least one of a first type detection load, a second type detection load and a third type detection load, the first type detection load is used for acquiring an entry file of the target interface, the second type detection load is used for acquiring a non-empty static file referred by a page where the target interface is located, and the third type detection load is used for acquiring a system key file; sending the at least one detection payload to a server. The disclosure is used for vulnerability detection.
Description
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a vulnerability detection method and apparatus.
Background
Today, the information technology is rapidly developing, and the network security technology is continuously updated. Lawbreakers utilize vulnerabilities to conduct illegal activities through various network security technologies, wherein arbitrary file reading and downloading vulnerabilities are important utilization points. For example, some websites often need to provide a file viewing or file downloading function due to business requirements, but if the files viewed or downloaded by users are not limited, malicious users can view or download any sensitive files, which is a file reading and downloading vulnerability. Here, the lawbreaker would read some confidential documents or information documents related to the system and architecture. Obtaining database authentication information, for example, by reading a database connection file, resulting in an attacker being able to directly connect to the database; the account password of a system user is obtained by reading a system key file, so that an attacker can remotely log in the system through the obtained user information; and (4) learning business logic by reading a server script file so as to analyze the business vulnerability and further attack.
The traditional file reading and downloading loophole detection cannot be considered comprehensively according to the specific conditions of the detected target, various problems of missing report and false report exist, in some cases, useless or nonexistent files can be read in a large quantity, the pressure of the detected target is greatly increased, and the normal service of the detected target is influenced. In summary, it can be seen that the file reading and downloading vulnerabilities are very huge, but the current detection technology is not complete.
Disclosure of Invention
The embodiment of the disclosure provides a vulnerability detection method and device, which can solve the problems of missing report and false report in file reading and downloading vulnerability detection in the prior art. The technical scheme is as follows:
according to a first aspect of the embodiments of the present disclosure, a vulnerability detection method is provided, which includes:
acquiring a target link, wherein the target link is used for indicating to access a target interface;
acquiring path information of the target file according to the target link, wherein the path information of the target file is used for indicating a path for accessing the target interface;
generating at least one detection load according to the path information of the target file, wherein the at least one detection load comprises at least one of a first type detection load, a second type detection load and a third type detection load, the first type detection load is used for acquiring an entry file of the target interface, the second type detection load is used for acquiring a non-empty static file referred by a page where the target interface is located, and the third type detection load is used for acquiring a system key file;
sending the at least one detection payload to a server.
Compared with the prior art in which only specific files are detected to have detection singleness, the technical scheme of the embodiment realizes detection diversity from the aspect of detecting interface bugs, comprehensively considers the detection of various file types and the condition whether the files exist, and reduces or avoids the problems of missing reports and false reports in the prior art.
In one embodiment, generating the first type of test payload includes:
and generating the first type detection load according to the data structure of the target link, wherein one first type detection load can be generated at one target interface.
In one embodiment, generating the second type of detected payload includes:
determining a target file directory according to the path information of the target interface;
and generating a second type detection load according to the target file directory, wherein a plurality of second type detection loads can be generated in one target interface.
In one embodiment, generating the third type of detected load comprises:
determining a target file directory according to the path information of the target interface;
and generating a third type detection load according to the target file directory, wherein a plurality of third type detection loads can be generated in one target interface.
In one embodiment, the vulnerability detection method provided by the present disclosure further includes: receiving the feedback information of the server, and determining that any file reading and downloading loophole exists in the target interface according to the feedback information;
further, determining that any file reading and downloading vulnerability exists in the target interface according to the feedback information includes at least one of the following determination modes:
receiving first feedback information based on the first type detection load fed back by a server, and determining that any file reading and downloading loophole exists in the target interface if the first feedback information carries a target type source code;
receiving second feedback information based on the second type detection load fed back by the server, and determining that any file reading downloading loophole exists in the target interface if the second feedback information contains a non-empty static file;
and receiving third feedback information which is fed back by the server and is based on the third type detection load, and determining that any file reading and downloading loophole exists in the target interface if the third feedback information conforms to the format of the system key file.
In this embodiment, in addition to determining whether any file reading/downloading vulnerability exists in the target interface through the first type detection load and the second type detection load, the file reading authority and the risk degree of the downloading vulnerability can be determined according to the feedback information of the third type detection load, and the vulnerability damage and the availability degree can be determined.
According to a second aspect of the embodiments of the present disclosure, there is provided a vulnerability detection apparatus, the apparatus including: the device comprises an acquisition module, a generation module and a communication module; wherein,
the acquisition module is used for acquiring a target link, and the target link is used for indicating to access a target interface;
the obtaining module is further configured to obtain path information of the target file according to the target link, where the path information of the target file is used to indicate a path for accessing the target interface;
the generating module is configured to generate at least one detection load according to the path information of the target file, where the at least one detection load includes at least one of a first type detection load, a second type detection load, and a third type detection load, the first type detection load is used to obtain an entry file of the target interface, the second type detection load is used to obtain a non-empty static file referred by a page where the target interface is located, and the third type detection load is used to obtain a system key file;
and the communication module is used for sending the at least one detection load to a server.
In an embodiment, the generating module is specifically configured to generate the first type detection payload according to a data structure of the target link, where one first type detection payload may be generated at one target interface.
In one embodiment, the generating module is specifically configured to determine a target file directory according to the path information of the target interface; and generating a second type detection load according to the target file directory, wherein a plurality of second type detection loads can be generated in one target interface.
In one embodiment, the generating module is specifically configured to determine a target file directory according to the path information of the target interface; and generating a third type detection load according to the target file directory, wherein a plurality of third type detection loads can be generated in one target interface.
In one embodiment, the vulnerability detection apparatus provided by the present disclosure further includes a determination module, wherein,
after the communication module receives the server feedback information, the judging module is used for determining that any file reading and downloading loophole exists in a target interface according to the feedback information;
the judging module determines that any file reading and downloading vulnerability exists in the target interface according to the feedback information, and the judging module comprises at least one of the following determining modes:
the communication module receives first feedback information based on the first type detection load fed back by the server, and if the first feedback information carries a target type source code, the judgment module determines that any file reading downloading loophole exists in the target interface;
the communication module receives second feedback information based on the second type detection load fed back by the server, and if the second feedback information contains a non-empty static file, the judgment module determines that any file reading and downloading loophole exists in the target interface;
the communication module receives third feedback information based on the third type detection load fed back by the server, and if the third feedback information conforms to the format of the system key file, the judgment module determines that any file reading and downloading loophole exists in the target interface.
Compared with the prior art in which only specific files are detected, the vulnerability detection method and device provided by the embodiment of the invention realize detection diversity from the aspect of detecting interface vulnerabilities, comprehensively consider the detection of various file types and the situations of whether the files exist, and reduce or avoid the problems of missing reports and false reports in the prior art. Meanwhile, the vulnerability detection method can judge whether any file reading and downloading vulnerability exists in the target interface through the first type detection load and the second type detection load, can determine the file reading authority and the danger degree of the downloading vulnerability according to the feedback information of the third type detection load, and can judge the vulnerability damage and the availability degree.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of a vulnerability detection method provided in an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a logic layer structure of a vulnerability detection apparatus according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
It should be noted that the first, second, third, and the like described in the embodiments are merely object difference descriptions for clarity, and do not constitute any limitation on the order of describing the objects.
The embodiment of the present disclosure provides a vulnerability detection method, as shown in fig. 1, the vulnerability detection method includes the following steps:
101. and acquiring a target link, wherein the target link is used for indicating the access of a target interface.
102. And acquiring the path information of the target file according to the target link, wherein the path information of the target file is used for indicating a path for accessing the target interface.
In a specific embodiment, the terminal device evaluates the path information and the file directory and directory hierarchy of the target interface according to the target interface determined by the target link. Vulnerability detection is carried out through the file directory and the directory hierarchy determined by the target interface, and the problems of missing report and false report in the prior art are reduced or avoided.
103. Generating at least one detection load according to the path information of the target file, wherein the at least one detection load comprises at least one of a first type detection load, a second type detection load and a third type detection load, the first type detection load is used for acquiring an entry file of the target interface, the second type detection load is used for acquiring a non-empty static file referred by a page where the target interface is located, and the third type detection load is used for acquiring a system key file; wherein the obtaining described in this embodiment comprises reading and downloading at least one execution action. The vulnerability comprises any file reading and downloading vulnerability.
104. Sending the at least one detection payload to a server. In an optional embodiment, the terminal device constructs an HTTP request for at least one of the first type detection load, the second type detection load, and the third type detection load determined according to the path information of the target interface, and sends the HTTP request to the server.
In one embodiment, generating the first type of test payload includes:
and generating the first type of detection load according to the data structure of the target link, wherein a first type of detection load, which can also be called as an A type load, can be generated at one target interface. The first type of detection load is used for acquiring the entry file of the target interface, and specifically, the first type of detection load is used for reading or downloading the entry file, or is used for reading or downloading the entry file of the target interface. Compared with the prior art, the technical scheme of the embodiment only considers the type of the specific file, does not consider the condition of whether the file exists, brings the existence of the file into the detection consideration range, has more comprehensive detection, and reduces or avoids the problems of missing report and false report in the prior art.
In one embodiment, generating the second type of detected payload includes:
determining a target file directory according to the path information of the target interface; and generating a second type detection load according to the target file directory, wherein a plurality of second type detection loads can be generated in one target interface, and the second type detection loads can also be called as B-type loads. The second type of detection load is a load corresponding to the target interface, that is, all the non-empty static files referred by the page where the detection interface is located and the non-empty static files referred by the web page, and is a load related to all the non-empty static files referred by the page where the detection interface is located, including all the JS files, CSS files, multimedia files, and the like, and the non-empty static files referred by other pages of the web page. The second type of detection load is used for obtaining the corresponding static file, and the method has the advantages of ensuring that the content of the file does not change, being convenient for verification and reducing or avoiding the problems of missing report and false report in the prior art.
In one embodiment, generating the third type of detected load comprises: determining a target file directory according to the path information of the target interface; and generating a third type detection load according to the target file directory, wherein a plurality of third type detection loads can be generated in one target interface. The third type of detection load may also be referred to as a C-type load, and is used to obtain system key files, including loads corresponding to key files and privacy files related to the operating system. More specifically, generating the third payload is generating an operating system-related critical file and a privacy file-related attack payload, including Linux and Windows, as well as other custom systems. The third type of detection load is used for acquiring key files of the system, and the currently readable authority and range are determined according to the acquisition states of the files, so that the vulnerability influence range is determined. Compared with the prior art, the technical scheme of the embodiment can judge the vulnerability harm and the availability degree.
Compared with the prior art in which only specific files are detected to have detection singleness, the technical scheme of the embodiment realizes detection diversity from the aspect of detecting interface bugs, comprehensively considers the detection of various file types and the condition whether the files exist, and reduces or avoids the problems of missing reports and false reports in the prior art.
In one embodiment, the vulnerability detection method provided by the present disclosure further includes: receiving the server feedback information, determining that any file reading downloading loophole exists in the target interface according to the feedback information, and determining the mode is described in detail in the following embodiments.
In one embodiment, the terminal device receives first feedback information based on the first type detection load, which is fed back by a server, and determines that any file reading and downloading loophole exists in the target interface if the first feedback information carries a target type source code.
In one embodiment, the terminal device receives second feedback information based on the second type detection load fed back by the server, and determines that any file reading and downloading vulnerability exists in the target interface if the second feedback information contains a non-empty static file. Specifically, each second-type detection load corresponds to a static file, the second feedback information is first acquired, and whether the content of the static file in the second feedback information is included in or equal to the response of the HTTP request performed by the second-type detection load is judged. And if the relation is contained or equal, determining that any file reading downloading loophole exists in the target interface.
The target conclusion can be detected whether any file reading downloading loophole exists in the target interface or not through judgment of the first feedback information and the second feedback information based on the first type detection load and the second type detection load. Compared with the prior art in which only the single detection of the existence of the specific file is detected, the technical scheme of the embodiment realizes the diversity of detection, and comprehensively considers the detection of various file types and the existence of the file. By controlling the readable files, including detecting the files, the relevant static files and the system key files, and reading and judging feedback information of various files, whether any file reading and downloading loophole exists is accurately judged, and the problems of missing report and false report in the prior art are reduced or avoided.
In one embodiment, the terminal device receives third feedback information based on the third type detection load fed back by the server, and determines that any file reading and downloading vulnerability exists in the target interface if the third feedback information conforms to the format of the system key file. Specifically, whether the received third feedback information meets the file format of the system key file or not is judged, the reading success or failure states of all related files are recorded, and the judging mode comprises multi-character string matching and regular expression matching. And the degree of harm and readable authority of the vulnerability can be confirmed through judgment of the third feedback information. Compared with the technical scheme in the prior art, the method and the device can judge the vulnerability damage and the availability degree. In addition, the existing detection technology generally only carries out character string matching judgment on the result, and the matched character string has no representativeness and uniqueness, so that the problems of missing report and false report are easily caused. The scheme ensures the comprehensiveness of the verification result by adopting the verification judgment rules of various modes.
In this embodiment, in addition to determining whether any file reading/downloading vulnerability exists in the target interface through the first type detection load and the second type detection load, the file reading authority and the risk degree of the downloading vulnerability can be determined according to the feedback information of the third type detection load, and the vulnerability damage and the availability degree can be determined. Compared with the prior art in which only the single detection of the existence of the specific file is detected, the technical scheme of the embodiment realizes the diversity of detection, and comprehensively considers the detection of various file types and the existence of the file. By controlling the readable files, including detecting the files, the relevant static files and the system key files, and reading and judging response information of various files, whether the loophole exists is accurately judged, and the problems of missing report and false report in the prior art are reduced or avoided.
Based on the vulnerability detection method corresponding to the embodiment disclosed in fig. 1, the following embodiment exemplarily introduces a specific implementation process of the vulnerability detection method.
First, a target link is obtained, for example, as follows:
http://test.com/abc/d.php?download=xxx
according to the exemplary target link described above, two static files are determined for reference:
http://test.com/static/a.js
http://test.com/static/b.css
and secondly, acquiring a target interface corresponding to the target link and path information corresponding to the target interface according to the exemplary target link, and determining that the file directory hierarchy interface operation directory is a d.php current directory, namely abc/, according to the path information of the target detection interface.
And thirdly, constructing a detection load. And constructing at least one detection load according to the path information of the target interface to be detected.
First, a first type of detection payload for obtaining an entry file of the target interface is constructed, and the first type of payload constructed according to the data structure of the above exemplary target link is:
http://test.com/abc/d.php?download=d.php
secondly, a second type detection load for acquiring the non-empty static text quoted by the page where the target interface is located is constructed, specifically, a file directory to be detected is determined according to the path information of the detection interface determined by the exemplary target link, and then the second type detection load is constructed according to the file directory as follows:
http://test.com/abc/d.php?download=../static/a.js
http://test.com/abc/d.php?download=../static/b.js
and (3) constructing a third type of detection load for acquiring the system key file again, wherein the construction process is the same as that of the second type of detection load, and the constructed third type of detection load is (partially shown):
http://test.com/abc/d.php?download=../../../../../../../../../etc/passwd
http://test.com/abc/d.php?download=/etc/passwd
http://test.com/abc/d.php?download=../../../../../../../../../etc/shadow
http://test.com/abc/d.php?download=/etc/shadow
and fourthly, sending the constructed detection load to a service, receiving feedback information of the server, and judging whether any file reading and downloading loopholes exist in the target interface according to the feedback information.
Based on the vulnerability detection method described in the response embodiment of fig. 1, the following is an embodiment of the apparatus of the present disclosure, which can be used to execute the embodiment of the method of the present disclosure.
The embodiment of the present disclosure provides a vulnerability detection apparatus, as shown in fig. 2, according to a second aspect of the embodiment of the present disclosure, a vulnerability detection apparatus is provided, which includes: the system comprises an acquisition module 201, a generation module 202 and a communication module 203; wherein,
the acquisition module is used for acquiring a target link, and the target link is used for indicating to access a target interface;
the obtaining module is further configured to obtain path information of the target file according to the target link, where the path information of the target file is used to indicate a path for accessing the target interface;
the generating module is configured to generate at least one detection load according to the path information of the target file, where the at least one detection load includes at least one of a first type detection load, a second type detection load, and a third type detection load, the first type detection load is used to obtain an entry file of the target interface, the second type detection load is used to obtain a non-empty static file referred by a page where the target interface is located, and the third type detection load is used to obtain a system key file;
and the communication module is used for sending the at least one detection load to a server.
In an embodiment, the generating module is specifically configured to generate the first type detection payload according to a data structure of the target link, where one first type detection payload may be generated at one target interface.
In one embodiment, the generating module is specifically configured to determine a target file directory according to the path information of the target interface; and generating a second type detection load according to the target file directory, wherein a plurality of second type detection loads can be generated in one target interface.
In one embodiment, the generating module is specifically configured to determine a target file directory according to the path information of the target interface; and generating a third type detection load according to the target file directory, wherein a plurality of third type detection loads can be generated in one target interface.
In one embodiment, the vulnerability detection apparatus provided by the present disclosure further comprises a determining module 204, wherein,
after the communication module receives the server feedback information, the judging module is used for determining that any file reading and downloading loophole exists in a target interface according to the feedback information;
the judging module determines that any file reading and downloading vulnerability exists in the target interface according to the feedback information, and the judging module comprises at least one of the following determining modes:
the communication module receives first feedback information based on the first type detection load fed back by the server, and if the first feedback information carries a target type source code, the judgment module determines that any file reading downloading loophole exists in the target interface;
the communication module receives second feedback information based on the second type detection load fed back by the server, and if the second feedback information contains a non-empty static file, the judgment module determines that any file reading and downloading loophole exists in the target interface;
the communication module receives third feedback information based on the third type detection load fed back by the server, and if the third feedback information conforms to the format of the system key file, the judgment module determines that any file reading and downloading loophole exists in the target interface.
The specific implementation process of the vulnerability detection apparatus provided in this embodiment is the same as that of the vulnerability detection method, and is not described herein again.
Based on the vulnerability detection method and the vulnerability detection apparatus described in the embodiment corresponding to fig. 1, the embodiment of the present disclosure further provides a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores computer instructions for executing the vulnerability detection method described in the embodiment corresponding to fig. 1, which is not described herein again.
Compared with the prior art in which only specific files are detected, the vulnerability detection method and device provided by the embodiment of the invention realize detection diversity from the aspect of detecting interface vulnerabilities, comprehensively consider the detection of various file types and the situations of whether the files exist, and reduce or avoid the problems of missing reports and false reports in the prior art. Meanwhile, the vulnerability detection method can judge whether any file reading and downloading vulnerability exists in the target interface through the first type detection load and the second type detection load, can determine the file reading authority and the danger degree of the downloading vulnerability according to the feedback information of the third type detection load, and can judge the vulnerability damage and the availability degree.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (8)
1. A vulnerability detection method, the method comprising:
acquiring a target link, wherein the target link is used for indicating to access a target interface;
acquiring path information of a target file according to the target link, wherein the path information of the target file is used for indicating a path for accessing the target interface;
generating at least one detection load according to the path information of the target file, wherein the at least one detection load comprises at least one of a first type detection load, a second type detection load and a third type detection load, the first type detection load is used for acquiring an entry file of the target interface, the second type detection load is used for acquiring a non-empty static file referred by a page where the target interface is located, and the third type detection load is used for acquiring a system key file;
sending the at least one detection load to a server;
receiving the feedback information of the server, and determining that any file reading and downloading loophole exists in the target interface according to the feedback information;
the determining that any file reading and downloading vulnerability exists in the target interface according to the feedback information comprises at least one of the following determining modes:
receiving first feedback information based on the first type detection load fed back by a server, and determining that any file reading and downloading loophole exists in the target interface if the first feedback information carries a target type source code;
receiving second feedback information based on the second type detection load fed back by the server, and determining that any file reading downloading loophole exists in the target interface if the second feedback information contains a non-empty static file;
and receiving third feedback information which is fed back by the server and is based on the third type detection load, and determining that any file reading and downloading loophole exists in the target interface if the third feedback information conforms to the format of the system key file.
2. The method of claim 1, wherein when the detected payload is a first type of detected payload, generating at least one detected payload according to the path information of the target file comprises:
and generating the first type detection load according to the data structure of the target link.
3. The method of claim 1, wherein when the detected payload is a second type of detected payload, generating at least one detected payload according to path information of the target file comprises:
determining a target file directory according to the path information of the target interface;
and generating a second type detection load according to the target file directory.
4. The method of claim 1, wherein when the detected payload is a third type of detected payload, generating at least one detected payload according to path information of the target file comprises:
determining a target file directory according to the path information of the target interface;
and generating a third type detection load according to the target file directory.
5. A vulnerability detection apparatus, the apparatus comprising: the device comprises an acquisition module, a generation module, a communication module and a judgment module; wherein,
the acquisition module is used for acquiring a target link, and the target link is used for indicating to access a target interface;
the obtaining module is further configured to obtain path information of a target file according to the target link, where the path information of the target file is used to indicate a path for accessing the target interface;
the generating module is configured to generate at least one detection load according to the path information of the target file, where the at least one detection load includes at least one of a first type detection load, a second type detection load, and a third type detection load, the first type detection load is used to obtain an entry file of the target interface, the second type detection load is used to obtain a non-empty static file referred by a page where the target interface is located, and the third type detection load is used to obtain a system key file;
the communication module is used for sending the at least one detection load to a server;
the communication module is used for receiving the feedback information of the server;
the judging module is used for determining that any file reading and downloading loophole exists in the target interface according to the feedback information;
the judging module determines that any file reading and downloading vulnerability exists in the target interface according to the feedback information, and the judging module comprises at least one of the following determining modes:
the communication module receives first feedback information based on the first type detection load fed back by the server, and if the first feedback information carries a target type source code, the judgment module determines that any file reading downloading loophole exists in the target interface;
the communication module receives second feedback information based on the second type detection load fed back by the server, and if the second feedback information contains a non-empty static file, the judgment module determines that any file reading and downloading loophole exists in the target interface;
the communication module receives third feedback information based on the third type detection load fed back by the server, and if the third feedback information conforms to the format of the system key file, the judgment module determines that any file reading and downloading loophole exists in the target interface.
6. The apparatus of claim 5, wherein the generation module is specifically configured to:
and generating the first type detection load according to the data structure of the target link.
7. The apparatus of claim 5, wherein the generation module is specifically configured to:
determining a target file directory according to the path information of the target interface;
and generating a second type detection load according to the target file directory.
8. The apparatus of claim 5, wherein the generation module is specifically configured to:
determining a target file directory according to the path information of the target interface;
and generating a third type detection load according to the target file directory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810804099.9A CN109145594B (en) | 2018-07-20 | 2018-07-20 | Vulnerability detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810804099.9A CN109145594B (en) | 2018-07-20 | 2018-07-20 | Vulnerability detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109145594A CN109145594A (en) | 2019-01-04 |
| CN109145594B true CN109145594B (en) | 2020-08-14 |
Family
ID=64801374
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810804099.9A Active CN109145594B (en) | 2018-07-20 | 2018-07-20 | Vulnerability detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109145594B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104363236A (en) * | 2014-11-21 | 2015-02-18 | 西安邮电大学 | Automatic vulnerability validation method |
| CN105429955A (en) * | 2015-10-30 | 2016-03-23 | 西安四叶草信息技术有限公司 | Remote vulnerability detection method |
| CN106101145A (en) * | 2016-08-10 | 2016-11-09 | 北京神州绿盟信息安全科技股份有限公司 | A kind of website vulnerability detection method and device |
-
2018
- 2018-07-20 CN CN201810804099.9A patent/CN109145594B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104363236A (en) * | 2014-11-21 | 2015-02-18 | 西安邮电大学 | Automatic vulnerability validation method |
| CN105429955A (en) * | 2015-10-30 | 2016-03-23 | 西安四叶草信息技术有限公司 | Remote vulnerability detection method |
| CN106101145A (en) * | 2016-08-10 | 2016-11-09 | 北京神州绿盟信息安全科技股份有限公司 | A kind of website vulnerability detection method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109145594A (en) | 2019-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11570211B1 (en) | Detection of phishing attacks using similarity analysis | |
| US10652748B2 (en) | Method, system and application programmable interface within a mobile device for indicating a confidence level of the integrity of sources of information | |
| CN109376078B (en) | Mobile application testing method, terminal equipment and medium | |
| US10182068B2 (en) | Determine vulnerability using runtime agent and network sniffer | |
| US7613918B2 (en) | System and method for enforcing a security context on a downloadable | |
| US8533581B2 (en) | Optimizing security seals on web pages | |
| US10630721B1 (en) | Monitoring system for detecting and preventing a malicious program code from being uploaded from a client computer to a webpage computer server | |
| CN112703496B (en) | Content policy based notification to application users regarding malicious browser plug-ins | |
| CN111783096B (en) | Method and device for detecting security hole | |
| US20110030058A1 (en) | System and method for scanning and marking web content | |
| CN111914262A (en) | Test method, device, system, electronic equipment and storage medium | |
| KR102093274B1 (en) | Content scanning agent, content scanning method, and storage media on which the program is recorded | |
| US9092640B2 (en) | Access control for server applications | |
| CN111400722A (en) | Method, apparatus, computer device and storage medium for scanning small program | |
| US11770385B2 (en) | Systems and methods for malicious client detection through property analysis | |
| CN110888838A (en) | Object storage based request processing method, device, equipment and storage medium | |
| CN114500054B (en) | Service access method, service access device, electronic device, and storage medium | |
| CN106682491B (en) | Application downloading method and device | |
| US11106791B2 (en) | Determining security risks in binary software code based on network addresses | |
| CN109889410B (en) | Method, system, device, proxy equipment and storage medium for testing service function | |
| US10474810B2 (en) | Controlling access to web resources | |
| CN109086608A (en) | A kind of detection file uploads method, terminal device and the server of loophole | |
| CN111181914B (en) | Method, device and system for monitoring internal data security of local area network and server | |
| CN111666567A (en) | Detection method, device, computer program and medium for malicious modification of application program | |
| CN109145594B (en) | Vulnerability detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A vulnerability detection method and device Effective date of registration: 20200901 Granted publication date: 20200814 Pledgee: Xi'an Science and Technology Financial Service Center Co.,Ltd. Pledgor: XI'AN CLOVER CYBER TECHNOLOGY Co.,Ltd. Registration number: Y2020610000136 |