CN109450846A - EL expression injection vulnerability batch detection device and detection method - Google Patents
- Publication number: CN109450846A
- Authority
- CN
- China
- Prior art keywords
- expression formula
- url
- response
- formula injection
- file
- Prior art date
- Legal status: Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention relates to an EL expression injection vulnerability batch detection device and detection method. An acquisition unit acquires a URL file; a normal HTTP request is sent to obtain a first response from the server; an HTTP request carrying an EL expression injection detection statement is sent to obtain a second response from the server; the first and second responses are compared, and if the first response does not contain the execution result of the detection statement while the second response does, a vulnerability exists; the detection result is then output and saved. The invention meets the need for batch vulnerability detection, supports both collecting URLs that contain a keyword and manually importing a file of multiple URLs to be detected, solves the problems of low efficiency, wasted time and high demands on security testers when testing for EL expression injection vulnerabilities, improves detection coverage, greatly reduces manual time cost, simplifies the work of security testers, and automatically generates detection results for convenient reference.
Description
Technical field
The invention relates to the technical field of devices that protect computers, their components, programs or data against unauthorized behavior, and in particular to an EL expression injection vulnerability batch detection device and detection method that improves detection coverage and reduces manual time cost.
Background technique
EL (Expression Language) is a mechanism provided in JSP (Java Server Pages) for simplifying expressions so that JSP pages are easier to write. In JSP, EL expressions are usually used in display-layer tags that render data, and they can improve the degree of coupling of the page. Because EL is convenient and easy to use, it has been borrowed and further developed by other frameworks; the two most common examples are OGNL (used by Struts) and SpEL (used by Spring).
Precisely because EL expressions are simple and easy to use, EL expression injection vulnerabilities have also arisen. Such a vulnerability allows an attacker to access sensitive information in the web application, such as the Application and Session objects, and in OGNL and SpEL it can also execute system commands.
In the prior art, EL expression injection vulnerabilities are generally detected manually. This places relatively high demands on the skills and experience of security test engineers, takes a great deal of time, incurs high time cost, gives incomplete coverage and low efficiency, and cannot meet the need for efficient batch detection of website environments.
Summary of the invention
The technical problem solved by the invention is that the prior art detects EL expression injection vulnerabilities manually, which places relatively high demands on the skills and experience of security test engineers, takes a great deal of time, incurs high time cost, gives incomplete coverage and low efficiency, and cannot meet the need for efficient batch detection of website environments. The invention therefore provides an optimized EL expression injection vulnerability batch detection device and detection method.
The technical scheme adopted by the invention is an EL expression injection vulnerability batch detection method comprising the following steps:
Step 1: acquire a URL file;
Step 2: send an HTTP request based on each URL and obtain a first response from the server;
Step 3: send an HTTP request carrying an EL expression injection detection statement and obtain a second response from the server;
Step 4: compare the first response and the second response; if the first response does not contain the execution result of the EL expression injection detection statement while the second response does, an EL expression injection vulnerability is detected and the URL is marked accordingly; otherwise, it is judged that there is no EL expression injection vulnerability;
Step 5: output and save the detection result.
Preferably, in step 1, the acquired URLs comprise a URL file obtained by keyword, or a manually imported file containing the URLs to be detected.
Preferably, the URL file obtained by keyword is produced by entering a keyword or manually importing a keyword file, and then using a search engine to collect the URLs containing the keyword.
Preferably, the manually imported file containing the URLs to be detected is obtained by manually entering the absolute path of the file.
Preferably, in step 2, the file containing at least one URL is read, and an HTTP request is sent for each URL in the file.
Preferably, in step 3, the EL expression injection detection request is initiated either by manually entering an EL expression injection detection statement or by loading a file containing multiple EL expression injection detection statements.
Preferably, in step 4, an EL expression injection vulnerability exists when the first response does not contain the execution result of the detection statement and the second response, to the request carrying the detection statement, does.
A detection device using the EL expression injection vulnerability batch detection method, the detection device comprising:
an acquisition unit for acquiring URLs containing a keyword or manually importing a file of URLs to be detected,
a normal request unit for sending normal HTTP requests and obtaining the first response from the server,
a payload request unit for sending HTTP requests carrying an EL expression injection detection statement and obtaining the second response from the server,
a comparing unit for comparing the first response of the normal request unit with the second response of the payload request unit and judging whether an EL expression injection vulnerability exists,
and an output unit for outputting and saving the detection result.
The invention provides an optimized EL expression injection vulnerability batch detection device and detection method. An acquisition unit acquires a URL file; a normal HTTP request is sent to obtain a first response from the server; an HTTP request carrying an EL expression injection detection statement is sent to obtain a second response from the server; the first and second responses are compared, and if the first response does not contain the execution result of the detection statement while the second response does, a vulnerability exists; the detection result is then output and saved. The invention meets the need for batch vulnerability detection, supports both collecting URLs that contain a keyword and manually importing a file of multiple URLs to be detected, solves the problems of low efficiency, wasted time and high demands on security testers when testing for EL expression injection vulnerabilities, improves detection coverage, greatly reduces manual time cost, simplifies the work of security testers, and automatically generates detection results for convenient reference.
Detailed description of the invention
Fig. 1 is a structural schematic diagram of the detection device of the invention, in which the arrows indicate the direction of response and file transfer.
Specific embodiment
The invention is described in further detail below with reference to an embodiment, but the protection scope of the invention is not limited thereto.
The invention relates to an EL expression injection vulnerability batch detection method based on the Scrapy framework, which solves the problems of low efficiency, wasted time and high demands on security testers when testing for EL expression injection vulnerabilities.
The method comprises the following steps.
Step 1: acquire a URL file.
In step 1, the acquired URLs comprise a URL file obtained by keyword, or a manually imported file containing the URLs to be detected.
The URL file obtained by keyword is produced by entering a keyword or manually importing a keyword file, and then using a search engine to collect the URLs containing the keyword.
The manually imported file containing the URLs to be detected is obtained by manually entering the absolute path of the file.
In the invention, because the method is built on the Scrapy framework, an application framework written for crawling website data and extracting structured data, it can access search engine websites, collect URLs by keyword and generate a URL dictionary. Using the same framework, it can also access each URL to be detected with both a normal request and a request containing an EL expression injection detection statement, obtain the server's responses, and judge from the difference between the responses whether an EL expression injection vulnerability exists.
In the invention, URLs containing a keyword are collected using a search engine and a URL dictionary (urls.txt) is generated, so that multiple URLs sharing the same keyword can be detected in a batch.
The invention also supports manually importing a file of multiple URLs to be detected, so that the URLs to be detected can be configured manually and flexibly.
Step 2: send an HTTP request based on each URL and obtain a first response from the server.
In step 2, the file containing at least one URL is read, and an HTTP request is sent for each URL in the file.
In the invention, the request sent in step 2 is a normal request.
Step 3: send an HTTP request carrying an EL expression injection detection statement and obtain a second response from the server.
In step 3, the EL expression injection detection request is initiated either by manually entering an EL expression injection detection statement or by loading a file containing multiple EL expression injection detection statements.
In the invention, the request sent in step 3 is a request containing an EL expression injection detection statement; the detection statement is carried in a parameter of the request.
Step 4: compare the first response and the second response; if the first response does not contain the execution result of the EL expression injection detection statement while the second response does, an EL expression injection vulnerability is detected and the URL is marked accordingly; otherwise, it is judged that there is no EL expression injection vulnerability.
Step 5: output and save the detection result.
The invention further relates to a detection device using the EL expression injection vulnerability batch detection method, the detection device comprising:
an acquisition unit for acquiring URLs containing a keyword or manually importing a file of URLs to be detected,
a normal request unit for sending normal HTTP requests and obtaining the first response from the server,
a payload request unit for sending HTTP requests carrying an EL expression injection detection statement and obtaining the second response from the server,
a comparing unit for comparing the first response of the normal request unit with the second response of the payload request unit and judging whether an EL expression injection vulnerability exists,
and an output unit for outputting and saving the detection result.
In the invention, combining the detection device and the detection method, the following embodiment is provided.
In this embodiment, the acquisition unit either collects URLs containing a keyword or manually imports a file of URLs to be detected.
In this embodiment, when the former option is chosen, the Scrapy framework is used to access search engine websites such as Baidu, Bing and Google and collect URLs containing a keyword. Keywords that can be searched for in URLs include Share, wap, url, Link, src, source, target, u, 3g, display, sourceURL, imageURL and domain. The keyword is entered, or a keyword file is imported manually; when the keyword search completes, the URLs matching the keyword are collected and a URL dictionary (urls.txt) is generated, with one URL recorded per line. The URL dictionary is then read, and for each URL in it an HTTP request is sent and the server's response obtained.
In this embodiment, when the latter option is chosen, a file of URLs to be detected is imported manually: the absolute path of the file is entered, the program reads the file, and each URL in it is tested for the presence of an EL expression injection vulnerability.
In this embodiment, the normal request unit reads the file of one or more URLs collected by the acquisition unit and, for each URL, sends an HTTP request and obtains the server's response; this is the normal request.
In this embodiment, the request sent by the payload request unit is the request containing the detection statement.
In this embodiment, if the second response is the execution result of the EL expression injection detection statement, an EL expression injection vulnerability is detected, the vulnerability is marked, and control passes to the output module for output.
In this embodiment, one either manually enters an EL expression injection detection statement (payload) or loads a file (payloads.txt) containing multiple EL expression injection detection statements; the HTTP request is then sent again with the EL expression injection detection statement (payload) carried in a request parameter, and the server's response is obtained.
In this embodiment, the first response of the server to the normal request is compared with the second response of the server to the request containing the payload, and whether an EL expression injection vulnerability exists is judged from the difference between the payloads and the difference between the server's responses.
For example, if the payload is calc, that is, a computer instruction executed through the system-command execution that the vulnerability enables, and the server's second response shows a calculator interface, then an EL expression injection vulnerability is shown to exist; otherwise, no EL expression injection vulnerability is shown.
As another example, when the payload is "http://localhost/login.do?a=${whoami}", the purpose is to obtain the current user name on the server; if the server's second response contains the current user name, an EL expression injection vulnerability is shown to exist; otherwise, no EL expression injection vulnerability is shown.
In this embodiment, further, to avoid the false positive in which the execution result of the EL expression injection detection statement already appears in the web page itself and is mistaken for evidence of a vulnerability, the response to the normal request must be compared with the response to the request containing the payload: only when the response to the normal request does not contain the execution result of the detection statement, and the response to the request carrying the payload does, is the vulnerability judged to exist.
In this embodiment, detection then ends, and the output unit outputs and saves the detection result.
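The comparing unit and the false-positive guard described above, as an added Python example that is not the patent's own code: it reads the urls.txt format (one URL per line), places a detection statement in a request parameter to build the second request, and applies the step 4 rule so that a page which already contains the expected result is not reported. It assumes a harmless arithmetic canary `${7*7}` evaluating to `49` as the detection statement, and replaces the HTTP layer with a constructed fake server so that it runs offline.

```python
import re
from dataclasses import dataclass
from typing import Callable, Iterable
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass(frozen=True)
class Probe:
    """An EL detection statement and the string it evaluates to when interpreted."""
    statement: str
    expected: str


# Assumed detection statement: an arithmetic canary whose result is deterministic
# and harmless (no command execution), used instead of the patent's calc/whoami.
ARITH_CANARY = Probe(statement="${7*7}", expected="49")


def parse_url_dictionary(text: str) -> list[str]:
    """Read the urls.txt format from the patent: one URL per line (blank lines skipped, assumed)."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def build_probe_url(url: str, param: str, probe: Probe) -> str:
    """Carry the detection statement in the named query parameter, keeping other parameters."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    query[param] = probe.statement
    return urlunsplit(parts._replace(query=urlencode(query)))


def is_vulnerable(baseline_body: str, probe_body: str, probe: Probe) -> bool:
    """Step 4 of the patent: flag only when the expected evaluation result is absent from
    the normal (first) response and present in the probe (second) response. A page that
    already contains the expected string is therefore not reported (false-positive guard).
    A page that merely echoes the statement back unevaluated is not reported either."""
    return probe.expected in probe_body and probe.expected not in baseline_body


def scan(urls: Iterable[str], fetch: Callable[[str], str], param: str,
         probes: Iterable[Probe]) -> list[dict]:
    """One normal request per URL, then one probe request per detection statement."""
    results = []
    for url in urls:
        baseline = fetch(url)                                   # first response
        for probe in probes:
            probed = fetch(build_probe_url(url, param, probe))  # second response
            results.append({"url": url, "statement": probe.statement,
                            "vulnerable": is_vulnerable(baseline, probed, probe)})
    return results


# ---- Constructed offline stand-in for the HTTP layer (no network is used) ----
def _fake_server(url: str) -> str:
    """Simulates three hosts: 'vuln.example' interprets ${a*b} in parameter a,
    'echo.example' reflects the parameter verbatim, and 'static.example' always
    contains the string 49 (the false-positive case the patent guards against)."""
    parts = urlsplit(url)
    value = dict(parse_qsl(parts.query)).get("a", "")
    if parts.hostname == "vuln.example":
        value = re.sub(r"\$\{(\d+)\*(\d+)\}",
                       lambda m: str(int(m[1]) * int(m[2])), value)
        return f"<html>Hello {value}</html>"
    if parts.hostname == "static.example":
        return f"<html>Order #49 for {value}</html>"
    return f"<html>Hello {value}</html>"


# Constructed urls.txt content, one URL per line as in the patent.
URLS_TXT = """http://vuln.example/login.do?a=guest
http://echo.example/login.do?a=guest
http://static.example/login.do?a=guest
"""


def demo() -> dict:
    """Returns {url: vulnerable?} for the constructed URL dictionary."""
    report = scan(parse_url_dictionary(URLS_TXT), _fake_server, "a", [ARITH_CANARY])
    return {r["url"]: r["vulnerable"] for r in report}


if __name__ == "__main__":
    for url, flagged in demo().items():
        print(("VULNERABLE " if flagged else "ok         ") + url)
```

Only the host that actually evaluates the canary is reported; the echoing host and the host whose page already contains "49" are both left unflagged by the baseline comparison.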
In the invention, the acquisition unit acquires a URL file; a normal HTTP request is sent to obtain a first response from the server; an HTTP request carrying an EL expression injection detection statement is sent to obtain a second response from the server; the first and second responses are compared, and if the first response does not contain the execution result of the detection statement while the second response does, a vulnerability exists; the detection result is then output and saved. The invention meets the need for batch vulnerability detection, supports both collecting URLs that contain a keyword and manually importing a file of multiple URLs to be detected, solves the problems of low efficiency, wasted time and high demands on security testers when testing for EL expression injection vulnerabilities, improves detection coverage, greatly reduces manual time cost, simplifies the work of security testers, and automatically generates detection results for convenient reference.
Claims (8)
1. An EL expression injection vulnerability batch detection method, characterized in that the method comprises the following steps:
Step 1: acquire a URL file;
Step 2: send an HTTP request based on each URL and obtain a first response from the server;
Step 3: send an HTTP request carrying an EL expression injection detection statement and obtain a second response from the server;
Step 4: compare the first response and the second response; if the first response does not contain the execution result of the EL expression injection detection statement while the second response does, an EL expression injection vulnerability is detected and the URL is marked accordingly; otherwise, it is judged that there is no EL expression injection vulnerability;
Step 5: output and save the detection result.
2. The EL expression injection vulnerability batch detection method according to claim 1, characterized in that in step 1 the acquired URLs comprise a URL file obtained by keyword, or a manually imported file containing the URLs to be detected.
3. The EL expression injection vulnerability batch detection method according to claim 2, characterized in that the URL file obtained by keyword is produced by entering a keyword or manually importing a keyword file, and then using a search engine to collect the URLs containing the keyword.
4. The EL expression injection vulnerability batch detection method according to claim 2, characterized in that the manually imported file containing the URLs to be detected is obtained by manually entering the absolute path of the file.
5. The EL expression injection vulnerability batch detection method according to claim 1, characterized in that in step 2 the file containing at least one URL is read, and an HTTP request is sent for each URL in the file.
6. The EL expression injection vulnerability batch detection method according to claim 1, characterized in that in step 3 the EL expression injection detection request is initiated either by manually entering an EL expression injection detection statement or by loading a file containing multiple EL expression injection detection statements.
7. The EL expression injection vulnerability batch detection method according to claim 1, characterized in that in step 4 an EL expression injection vulnerability exists when the first response does not contain the execution result of the detection statement and the second response, to the request carrying the detection statement, does.
8. A detection device using the EL expression injection vulnerability batch detection method according to any one of claims 1 to 7, characterized in that the detection device comprises:
an acquisition unit for acquiring URLs containing a keyword or manually importing a file of URLs to be detected,
a normal request unit for sending normal HTTP requests and obtaining the first response from the server,
a payload request unit for sending HTTP requests carrying an EL expression injection detection statement and obtaining the second response from the server,
a comparing unit for comparing the first response of the normal request unit with the second response of the payload request unit and judging whether an EL expression injection vulnerability exists,
and an output unit for outputting and saving the detection result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811096606.4A CN109450846A (en) | 2018-09-19 | 2018-09-19 | A kind of EL expression formula injection loophole batch detecting device and detection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109450846A true CN109450846A (en) | 2019-03-08 |
Family
ID=65533059
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811096606.4A Pending CN109450846A (en) | 2018-09-19 | 2018-09-19 | A kind of EL expression formula injection loophole batch detecting device and detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109450846A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170318045A1 (en) * | 2016-04-27 | 2017-11-02 | Sap Se | End-to-End Taint Tracking for Detection and Mitigation of Injection Vulnerabilities in Web Applications |
CN106407803A (en) * | 2016-08-30 | 2017-02-15 | 北京奇虎科技有限公司 | Detection method and device of SQL (Structured Query Language) injection vulnerabilities |
CN107590387A (en) * | 2017-09-04 | 2018-01-16 | 杭州安恒信息技术有限公司 | EL expression formula injection loopholes detection method, device and electronic equipment |
CN107846407A (en) * | 2017-11-10 | 2018-03-27 | 郑州云海信息技术有限公司 | A kind of method and system of batch detection SSRF leaks |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110968475A (en) * | 2019-11-13 | 2020-04-07 | 泰康保险集团股份有限公司 | Method and device for monitoring webpage, electronic equipment and readable storage medium |
CN110995684A (en) * | 2019-11-26 | 2020-04-10 | 西安四叶草信息技术有限公司 | Vulnerability detection method and device |
CN110995684B (en) * | 2019-11-26 | 2022-06-28 | 西安四叶草信息技术有限公司 | Vulnerability detection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20190308