CN111209565B - Horizontal override vulnerability detection method, equipment and computer readable storage medium - Google Patents

Horizontal override vulnerability detection method, equipment and computer readable storage medium Download PDF

Info

Publication number
CN111209565B
CN111209565B CN202010021129.6A CN202010021129A CN111209565B CN 111209565 B CN111209565 B CN 111209565B CN 202010021129 A CN202010021129 A CN 202010021129A CN 111209565 B CN111209565 B CN 111209565B
Authority
CN
China
Prior art keywords
access request
access
preset
parameter
parameters
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010021129.6A
Other languages
Chinese (zh)
Other versions
CN111209565A (en
Inventor
章二林
姚旺
寇相礼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Merchants Bank Co Ltd
Original Assignee
China Merchants Bank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Merchants Bank Co Ltd filed Critical China Merchants Bank Co Ltd
Priority to CN202010021129.6A priority Critical patent/CN111209565B/en
Publication of CN111209565A publication Critical patent/CN111209565A/en
Application granted granted Critical
Publication of CN111209565B publication Critical patent/CN111209565B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a horizontal override vulnerability detection method, equipment and a computer readable storage medium, wherein the method comprises the following steps: traversing access requests in a preset resource library, filtering each access request, and generating an access request to be detected and a parameter to be detected of the access request to be detected; generating an access request to be verified according to each parameter to be detected, and initiating access based on the access request to be verified; and determining whether the web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access. According to the invention, the response result for determining whether the web application has the level override vulnerability is generated according to the parameters to be detected, and the parameters to be detected are from the access request, so that the access request aiming at each function in the web application can trigger detection, and the flexibility and comprehensiveness of the detection are ensured.

Description

Horizontal override vulnerability detection method, equipment and computer readable storage medium
Technical Field
The invention relates to the technical field of internet, in particular to a horizontal override vulnerability detection method, equipment and a computer readable storage medium.
Background
With the development of internet technology, the popularity of Web (World Wide Web, also called World Wide Web) applications is increasing. The web application is an application program accessed through the web, and the access to the application software can be realized only by installing a browser in the terminal, so that the access requirement on the application software is facilitated.
However, the internet brings convenience to life of people, and meanwhile, network attacks of lawless persons to the internet are greatly increased. In web applications, a horizontal unauthorized vulnerability is a common security vulnerability, and an attacker using the vulnerability may cause security problems such as a large amount of user sensitive data divulgence loss, malicious user fund embezzlement and the like. Therefore, how to enhance the level of the web application beyond the right, and discover the potential safety hazard in advance, has become an urgent need of the current web application.
At present, security detection on Web application is mainly realized by a general scanning tool or manual penetration, but the general scanning tool can only cover conventional bugs, and the general scanning tool cannot detect bugs aiming at the personalized characteristics of products, so that the detection flexibility is poor. And manual infiltration requires repeated investment of manpower, and is easy to be omitted under the condition that the functions supported by the web application are more. Therefore, how to improve the flexibility and comprehensiveness of the web application level override vulnerability is a technical problem to be solved urgently at present.
Disclosure of Invention
The invention mainly aims to provide a horizontal override vulnerability detection method, equipment and a computer readable storage medium, and aims to solve the technical problem of how to improve the flexibility and comprehensiveness of a web application horizontal override vulnerability in the prior art.
In order to achieve the above object, the present invention provides a horizontal override vulnerability detection method, which comprises the following steps:
traversing access requests in a preset resource library, filtering each access request, and generating an access request to be detected and a parameter to be detected of the access request to be detected;
generating an access request to be verified according to each parameter to be detected, and initiating access based on the access request to be verified;
and determining whether the web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access.
Optionally, the step of generating an access request to be authenticated according to each parameter to be detected, and initiating access based on the access request to be authenticated includes:
combining the parameters to be detected to generate combined parameters, and searching a target access request from a preset resource library, wherein the access address of the target access request is the same as that of the access request to be detected;
and searching a target parameter corresponding to the combined parameter in the target access request, replacing the target parameter by using the combined parameter to generate an access request to be verified, and initiating access based on the access request to be verified.
Optionally, the step of determining whether a web application corresponding to the access request has a level override vulnerability according to a response result generated by the access includes:
acquiring a response result generated by initiating access to the access request to be verified, and calling a target access result corresponding to the access request to be detected;
generating a similarity value between the response result and the target access result, and judging whether the similarity value is greater than a preset threshold value;
if the similarity value is larger than the preset threshold value, judging that the web application corresponding to the access request has a level override vulnerability;
and if the similarity value is not larger than the preset threshold value, judging that the web application corresponding to the access request does not have a horizontal override vulnerability.
Optionally, the step of filtering the access request and generating an access request to be detected and parameters to be detected of the access request to be detected includes:
and each access request is taken as a processing unit to be processed independently, and the following steps are executed:
judging whether the access request meets a preset filtering condition or not according to the access parameter of the access request, and if the access request meets the preset filtering condition, filtering the access request;
and if the access request does not meet the preset filtering condition, taking the access request as an access request to be detected, and filtering each parameter to be entered to generate parameters to be detected.
Optionally, the step of determining whether the access request meets a preset filtering condition according to the access parameter of the access request includes:
judging whether the parameter types of the parameter entering into the access request are all preset types or not, and if the parameter types are all the preset types, judging that the access request meets the preset filtering condition;
if the parameter types are not all preset types, judging whether the response attribute of the access request is a preset attribute;
if the response attribute is a preset attribute, judging that the access request meets a preset filtering condition;
and if the response attribute is not the preset attribute, judging that the access request does not accord with the preset filtering condition.
Optionally, the step of determining whether the access request meets a preset filtering condition according to the access parameter of the access request includes:
judging whether an access request to be compared corresponding to the access request exists in the preset resource library, wherein the access request to be compared and the access request have the same fixed parameters and parameter values;
if an access request to be compared corresponding to the access request exists, judging that the access request meets a preset filtering condition;
and if the access request to be compared corresponding to the access request does not exist, judging that the access request does not accord with the preset filtering condition.
Optionally, the step of filtering each parameter to generate the parameter to be detected includes:
eliminating the parameter to be filtered in the access request, wherein the parameter type in the access request is a preset type;
screening out target parameters to be filtered with parameter lengths larger than a preset length in the parameters to be filtered, and rejecting the target parameters to be filtered with parameter values of the target parameters to be filtered as preset values to generate the parameters to be detected.
Optionally, the step of determining whether the web application corresponding to the access request has a level override vulnerability is followed by:
if the web application corresponding to the access request has the horizontal override vulnerability, marking the horizontal override vulnerability of the web application, and outputting prompt information for the marked horizontal override vulnerability.
Further, in order to achieve the above object, the present invention further provides a horizontal override vulnerability detection apparatus, which includes a memory, a processor, and a horizontal override vulnerability detection program stored in the memory and operable on the processor, wherein the horizontal override vulnerability detection program, when executed by the processor, implements the steps of the horizontal override vulnerability detection method.
Further, to achieve the above object, the present invention also provides a computer readable storage medium, on which a horizontal override vulnerability detection program is stored, and when the horizontal override vulnerability detection program is executed by a processor, the steps of the horizontal override vulnerability detection method are implemented.
The invention discloses a horizontal override vulnerability detection method, which comprises the steps of storing access requests for accessing web applications by presetting a preset resource library, filtering the stored access requests, and generating access requests to be detected and parameters to be detected; generating an access request to be verified according to the parameter to be detected, and initiating access on the basis of the access request to be verified to obtain an access result; and further determining whether the web application accessed by the access request has a horizontal override vulnerability according to the access result. The response result for determining whether the web application has the horizontal override vulnerability is generated according to the parameters to be detected, and the parameters to be detected are from the access request, so that the access request aiming at each function in the web application can trigger detection, and the flexibility and comprehensiveness of the detection are ensured.
Drawings
FIG. 1 is a schematic structural diagram of a hardware operating environment of a device according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a horizontal override vulnerability detection method according to the present invention;
FIG. 3 is a flowchart illustrating a horizontal override vulnerability detection method according to a second embodiment of the present invention;
fig. 4 is a flowchart illustrating a horizontal override vulnerability detection method according to a third embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a horizontal unauthorized vulnerability detection device, and referring to fig. 1, fig. 1 is a schematic structural diagram of a device hardware operating environment related to an embodiment of the horizontal unauthorized vulnerability detection device.
As shown in fig. 1, the horizontal override vulnerability detection apparatus may include: a processor 1001, e.g. a CPU, a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (e.g., a magnetic disk memory). The memory 1005 may alternatively be a storage device separate from the processor 1001 described previously.
Those skilled in the art will appreciate that the hardware configuration of the horizontal override vulnerability detection apparatus shown in FIG. 1 does not constitute a limitation of the horizontal override vulnerability detection apparatus, and may include more or less components than those shown, or combine some components, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer-readable storage medium, may include therein an operating system, a network communication module, a user interface module, and a horizontal override vulnerability detection program. The operating system is a program for managing and controlling the horizontal unauthorized vulnerability detection equipment and software resources, and supports the operation of a network communication module, a user interface module, the horizontal unauthorized vulnerability detection program and other programs or software; the network communication module is used to manage and control the network interface 1004; the user interface module is used to manage and control the user interface 1003.
In the hardware structure of the horizontal unauthorized vulnerability detection device shown in fig. 1, the network interface 1004 is mainly used for connecting a background server and performing data communication with the background server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; the processor 1001 may call the horizontal override vulnerability detection program stored in the memory 1005 and perform the following operations:
traversing access requests in a preset resource library, filtering each access request, and generating an access request to be detected and a parameter to be detected of the access request to be detected;
generating an access request to be verified according to each parameter to be detected, and initiating access based on the access request to be verified;
and determining whether the web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access.
Further, the step of generating an access request to be verified according to each parameter to be detected, and initiating an access based on the access request to be verified includes:
combining the parameters to be detected to generate combined parameters, and searching a target access request from a preset resource library, wherein the access address of the target access request is the same as that of the access request to be detected;
and searching a target parameter corresponding to the combined parameter in the target access request, replacing the target parameter with the combined parameter to generate an access request to be verified, and initiating access based on the access request to be verified.
Further, the step of determining whether the web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access includes:
acquiring a response result generated by initiating access to the access request to be verified, and calling a target access result corresponding to the access request to be detected;
generating a similarity value between the response result and the target access result, and judging whether the similarity value is greater than a preset threshold value;
if the similarity value is larger than the preset threshold value, judging that the web application corresponding to the access request has a level override vulnerability;
and if the similarity value is not greater than the preset threshold value, judging that the web application corresponding to the access request does not have a horizontal override vulnerability.
Further, the step of filtering each access request to generate an access request to be detected and parameters to be detected of the access request to be detected includes:
and taking each access request as a processing unit to be processed independently, and executing the following steps:
judging whether the access request meets a preset filtering condition or not according to the access parameter of the access request, and if the access request meets the preset filtering condition, filtering the access request;
and if the access request does not meet the preset filtering condition, taking the access request as an access request to be detected, and filtering each parameter to be entered to generate parameters to be detected.
Further, the step of determining whether the access request meets a preset filtering condition according to the access parameter of the access request includes:
judging whether the parameter types of the parameters entered into the access request are all preset types or not, and if the parameter types are all the preset types, judging that the access request meets the preset filtering condition;
if the parameter types are not all preset types, judging whether the response attribute of the access request is a preset attribute;
if the response attribute is a preset attribute, judging that the access request meets a preset filtering condition;
and if the response attribute is not the preset attribute, judging that the access request does not accord with the preset filtering condition.
Further, the step of determining whether the access request meets a preset filtering condition according to the access parameter of the access request includes:
judging whether an access request to be compared corresponding to the access request exists in the preset resource library, wherein the access request to be compared and the access request have the same fixed parameters and parameter values;
if an access request to be compared corresponding to the access request exists, judging that the access request meets a preset filtering condition;
and if the access request to be compared corresponding to the access request does not exist, judging that the access request does not accord with the preset filtering condition.
Further, the step of filtering each parameter to generate the parameter to be detected includes:
eliminating the parameter to be filtered in the access request, wherein the parameter type in the access request is a preset type;
screening out target parameters to be filtered with parameter lengths larger than a preset length in the parameters to be filtered, and rejecting the target parameters to be filtered with parameter values of the target parameters to be filtered as preset values to generate the parameters to be detected.
Further, after determining whether the web application corresponding to the access request has a level override vulnerability, the processor 1001 may call a level override vulnerability detection program stored in the memory 1005 and perform the following operations:
if the web application corresponding to the access request has the level override vulnerability, marking the level override vulnerability existing in the web application, and outputting prompt information for the marked level override vulnerability.
The specific implementation of the horizontal override vulnerability detection device of the present invention is basically the same as the embodiments of the horizontal override vulnerability detection method described below, and is not described herein again.
The invention also provides a horizontal override vulnerability detection method.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of a horizontal unauthorized vulnerability detection method according to the present invention.
Embodiments of the present invention provide an embodiment of a horizontal override vulnerability detection method, and it should be noted that although a logic sequence is shown in the flowchart, in some cases, the steps shown or described may be performed in a different sequence than here. Specifically, the method for detecting a horizontal override vulnerability in the embodiment includes:
step S10, traversing access requests in a preset resource library, filtering each access request, and generating an access request to be detected and a parameter to be detected of the access request to be detected.
The horizontal override vulnerability detection method in the embodiment is suitable for detecting the horizontal override vulnerability in the web application. The unauthorized vulnerability is a common logic security vulnerability, and is caused by the fact that the web application server excessively trusts a data operation request provided by a client, the judgment on the operation authority of the user is omitted, and related parameters can be modified to have the functions of adding, deleting, checking and changing other accounts, so that the unauthorized vulnerability is caused. According to the classification of the database operation, the unauthorized vulnerabilities can be classified into the following categories: unauthorized query, unauthorized deletion, unauthorized modification, unauthorized addition, etc. Classifying according to dimensionality, and classifying the unauthorized vulnerability into: horizontal override, vertical override, and cross override. For horizontal override, its authority type is unchanged, and the authority ID (identity) is changed; such as: as well as ordinary users, one of which may view other user information. It is common to check information of other users by modifying a certain ID parameter, for example, when a user checks own information, it is found that there is a parameter of user ID in a URL (Uniform Resource Locator) connection or in an http (HyperText Transfer Protocol) request header, and then the user can check the user information by modifying the parameter. For vertical override, the authority ID is unchanged, and the authority type is changed; such as normal users, can operate using administrator privileges. If the user logs in and finds that the cookie has a role parameter of role ID, the ID can be modified to be 1 or 0, and the administrator authority can be used according to the specific situation. For a cross-over override, its privilege type changes, as does the privilege ID. The present embodiment is preferably described by taking a horizontal override hole as an example.
Further, a preset resource library is preset to store an access request for accessing the web application. And traversing the access requests stored in the preset resource library in the process of detecting the horizontal override vulnerability so as to filter the access requests. The filtering relates to at least two aspects, one is to carry out filtering according to the access request, and when the access request accords with the filtering condition and is characterized that the access request does not have the risk, the filtering is carried out without carrying out horizontal unauthorized vulnerability detection. And secondly, filtering according to parameters carried in the access request, and filtering when the access request carries parameters meeting filtering conditions and representing that the access request does not have risks, and not carrying out horizontal unauthorized vulnerability detection. When the access request in the traversal process does not accord with the filtering condition and the carried parameters do not accord with the filtering condition, representing that the access request may have risks, taking the access request as an access request to be detected, reading the parameters as the parameters to be detected, and detecting whether the web application accessed by the access request has a horizontal override vulnerability according to the parameters to be detected.
Step S20, generating an access request to be verified according to each parameter to be detected, and initiating access based on the access request to be verified;
understandably, the characteristic of the horizontal override vulnerability is that the user information is checked by modifying the user parameters in the URL connection or the http request header; therefore, when the horizontal override vulnerability is detected through the parameter to be detected, the parameter to be detected can replace the corresponding parameter of other access requests initiated by the same function aiming at the same web application in the preset resource library to generate a new access request, namely the access request to be verified. And initiating access through the access request to be verified, and determining whether a level override condition exists in the web application according to the response condition of the access.
And step S30, determining whether the web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access.
And further, reading a response result generated by initiating the access of the access request to be verified, and determining whether the web application accessed by the access request to be verified has a level override vulnerability or not according to the response result and a response result corresponding to initiating the access of the access request to be detected. If the response result of the generated access request to be verified, which is replaced by the parameter to be detected, is consistent with the response result generated by the access request to be detected, it is indicated that the web application can realize the acquisition of other user information by modifying the user parameter, and the web application has a level override vulnerability; and otherwise, if the response results of the two are inconsistent or the access request to be verified cannot access the web application, the web application is indicated to have no horizontal override vulnerability. It should be noted that the replacement of the parameter to be detected is essentially the replacement of the parameter value, that is, the same parameter name is searched, and the parameter value of the parameter name is replaced by the parameter value of the parameter to be detected, so as to generate the access request to be verified.
Still further, for the case where a web application has a horizontal vulnerability, a tagging mechanism is provided. Specifically, if it is determined that a level override hole exists in the web application accessed by the access request, the level override hole existing in the web application is marked, the marking can be implemented in the form of an identifier, and different identifiers are set for different types of level override holes. Such as for the horizontal override inquiry setting identifier f1, the horizontal override deletion setting identifier f2, the horizontal override modification setting indicator f3, etc. After the web application is determined to have the horizontal override vulnerability through the response result, the type of the horizontal override vulnerability is determined according to the response result or the operation type of the parameter to be detected, and the horizontal override vulnerability is marked according to the identifier corresponding to the type. And if the response result or the operation type represented by the parameter to be detected is modified, determining that the type of the web application horizontal override vulnerability is the horizontal override modification, and marking the horizontal override vulnerability by the identifier f3 added to the horizontal override vulnerability. In addition, when the horizontal override vulnerability is marked, prompt information is output to prompt timely repair of the horizontal override vulnerability, and the condition of information leakage is avoided. The prompt information may be prompted in a text form or a voice form, which is not limited to this.
The invention discloses a horizontal override vulnerability detection method, which comprises the steps of storing access requests for accessing web applications by presetting a preset resource library, filtering the stored access requests, and generating access requests to be detected and parameters to be detected; generating an access request to be verified according to the parameter to be detected, and initiating access on the basis of the access request to be verified to obtain an access result; and further determining whether the web application accessed by the access request has a horizontal override vulnerability according to the access result. The response result for determining whether the web application has the horizontal override vulnerability is generated according to the parameters to be detected, and the parameters to be detected are from the access request, so that the access request aiming at each function in the web application can trigger detection, and the flexibility and comprehensiveness of the detection are ensured.
Further, based on the first embodiment of the horizontal override vulnerability detection method, the second embodiment of the horizontal override vulnerability detection method is provided.
Referring to fig. 3, the difference between the second embodiment of the horizontal unauthorized vulnerability detection method and the first embodiment of the horizontal unauthorized vulnerability detection method is that the step of generating an access request to be verified according to each parameter to be detected and initiating an access based on the access request to be verified includes:
step S21, combining the parameters to be detected to generate combined parameters, and searching a target access request from a preset resource library, wherein the access address of the target access request is the same as that of the access request to be detected;
step S22, searching for a target parameter corresponding to the combined parameter in the target access request, replacing the target parameter with the combined parameter, generating an access request to be verified, and initiating access based on the access request to be verified.
Understandably, the number of the parameters carried in the access request to be detected is more than one, and under the condition that the number of the parameters carried in the access request to be detected is large, namely under the condition that the number of the parameters to be detected is large, the parameters to be detected are combined to generate combined parameters, and the combined parameters are detected in the form of the combined parameters. Wherein the number of the combined parameters is related to the number of the parameters to be detected; if the parameters to be detected are only two items, the two items are combined to form three combined parameters; if the parameters to be detected are three, the combination parameters formed by combining the three are seven.
Further, a target access request having the same access address as the access request to be detected is searched from a preset resource library, the same access address represents the same information required to be obtained between the access request to be detected and the target access request, or the types of operations performed are the same, such as order information checking or login operation and the like. After the target access request is obtained, the target access request is searched according to the combined parameters, so that the target parameters in the target access request are obtained, and the same parameter names exist between the target parameters and the combined parameters. And then replacing the target parameter by using the combined parameter, namely replacing the parameter value represented by the target parameter by using the parameter value represented by the combined parameter, generating an access request to be verified, and initiating access according to the access request to be verified.
It should be noted that, for each combination parameter obtained by combining the parameters to be detected, the corresponding target parameter is searched from the target access request, and the respective searched target parameter is replaced by the combination parameter one by one, so as to generate each access request to be verified to initiate access, and the horizontal override vulnerability is detected according to the response result of each access request, so that the horizontal override vulnerability is comprehensively detected by each parameter. For example, an access request for a certain web application login operation, the parameters to be authenticated include an account A1, a password A2 and an authentication code A3, so that the combined parameters include A1, A2, A1A2, A2A3 and A1A2A3; searching a target access request for performing login operation on the web application in a preset resource library, wherein the account B1, the password B2 and the verification code B3 are found; the target parameters corresponding to the combination parameters are respectively B1, B2, B3, B1B2, B1B3, B2B3 and B1B2B3; thus, sequentially using A1, A2, A3, A1A2, A1A3, A2A3 and A1A2A3 to respectively replace B1, B2, B3, B1B2, B1B3, B2B3 and B1B2B3, generating an access request to be verified to initiate access, and obtaining response results c1, c2, c3, c4, c5, c6 and c7; the horizontal override holes in the web application are comprehensively detected through c1, c2, c3, c4, c5, c6 and c 7.
The method comprises the steps of generating a combined parameter by using a parameter to be detected in an access request to be detected, searching a target access request with the same address as the access request to be detected, replacing a parameter value of the target parameter in the target access request by using the parameter value of the combined parameter to obtain an access request to be verified, and comprehensively detecting a horizontal override vulnerability in the web application by using a response result generated by initiating access by the access request to be verified and a response result generated by initiating access by the access request to be detected.
Further, based on the second embodiment of the horizontal override vulnerability detection method, a third embodiment of the horizontal override vulnerability detection method is provided.
Referring to fig. 4, the third embodiment of the horizontal override vulnerability detection method is different from the second embodiment of the horizontal override vulnerability detection method in that the step of determining whether a web application corresponding to the access request has a horizontal override vulnerability according to a response result generated by the access includes:
step S31, acquiring a response result generated by initiating access to the access request to be verified, and calling a target access result corresponding to the access request to be detected;
step S32, generating a similarity value between the response result and the target access result, and judging whether the similarity value is greater than a preset threshold value;
step S33, if the similarity value is larger than the preset threshold value, judging that the web application corresponding to the access request has a level override vulnerability;
step S34, if the similarity value is not larger than the preset threshold value, judging that the web application corresponding to the access request does not have a horizontal override vulnerability.
In the embodiment, when the horizontal override vulnerability in the web application is detected according to the response result generated by the to-be-verified access request and the response result generated by the to-be-detected access request initiating access, the response result generated by the to-be-verified access request is obtained first, and then the target access result generated by calling the to-be-detected access request from the preset resource library for access is obtained. And comparing the response result with the target access result to generate a similarity value between the response result and the target access result, and representing the similarity degree between the response result and the target access result through the similarity value.
Further, in order to determine the similarity between the response result and the target access result, a preset threshold is set in advance according to requirements; and comparing the generated similarity value with the preset threshold value, and judging whether the similarity value is greater than the preset threshold value. If the similarity degree is larger than the preset threshold value, the similarity degree between the response result and the target response result is higher, and the function corresponding to the access request in the web application can acquire the function information of other users in a parameter modification mode, so that the web application existence level unauthorized vulnerability is judged. And if the similarity value is not greater than the preset threshold value, the similarity degree between the response result and the target response result is not high, and the web application is judged to have no horizontal override vulnerability.
According to the method and the device, the horizontal override vulnerability in the web application is detected through the response result of the access request to be verified generated by each combined parameter, the combined parameter can be generated aiming at the access request of each function in the web application, and the access request to be verified is generated to access to obtain the response result, so that the detection of the horizontal override vulnerability in the web application is more comprehensive and flexible, and the pertinence is higher.
Further, based on the first embodiment of the horizontal override vulnerability detection method, a fourth embodiment of the horizontal override vulnerability detection method is provided.
The difference between the fourth embodiment of the horizontal override vulnerability detection method and the first embodiment of the horizontal override vulnerability detection method is that the step of filtering the access request to generate the access request to be detected and the parameters to be detected of the access request to be detected includes:
when traversing each access request in the preset resource library, taking each access request as a processing unit to carry out independent processing, and executing the following steps:
step S11, judging whether the access request meets a preset filtering condition or not according to the access parameter of the access request, and if the access request meets the preset filtering condition, filtering the access request;
in the embodiment, when filtering the access request and generating the to-be-detected parameters, a filtering mechanism is provided for extracting the request, before detection and after detection. Specifically, a preset filtering condition is set in advance according to the common characteristics of all parameters in the same access request or the consistency of all parameters among different access requests; the common characteristics at least comprise null values and fixed values, and the preset filtering condition is that all parameters in the access request are null values or fixed values; the consistency is the consistency of the user personality parameters among different access requests, and if a user initiates an access request to the web application by using the same account in browsers of different versions, the accounts serving as the user personality parameters are consistent. Taking parameters in the access request as parameter entries, reading the parameter entries of the access request after the access request is extracted from the preset resource library, and judging whether the access request meets preset filtering conditions or not according to the parameter entries. If the access request is judged to accord with the preset filtering condition, filtering the access request; on the contrary, if the access request does not meet the preset filtering condition, it indicates that the risk of the access request itself cannot be eliminated, so the access request itself is not filtered, and the access parameter in the access request is read for filtering.
The method comprises the following steps of aiming at the situation that the preset filtering condition is set according to the common characteristics of all parameters in the same access request, and judging whether the access request meets the preset filtering condition or not according to the access parameter of the access request, wherein the steps comprise:
step S111, judging whether the parameter types of the parameters entered into the access request are all preset types, and if the parameter types are all preset types, judging that the access request meets preset filtering conditions;
step S112, if the parameter types are not all preset types, judging whether the response attribute of the access request is a preset attribute;
step S113, if the response attribute is a preset attribute, judging that the access request meets a preset filtering condition;
step S114, if the response attribute is not a preset attribute, determining that the access request does not meet a preset filtering condition.
Further, when the access request is extracted for filtering, the null value of the parameter of the entry parameter is used as a preset type. <xnotran> , , . </xnotran> And if the access requests are both null values, judging that the access requests meet preset filtering conditions, and filtering the access requests. For the filtering before the detection, taking the parameter of the input parameter as a fixed value as a preset type; and judging whether the parameter types of the access parameters contained in the access request are the preset types, namely judging whether each access parameter is a fixed value. If the access requests are fixed values, the access requests are judged to accord with preset filtering conditions, and the access requests are filtered.
Further, if it is determined that the parameter type of each parameter is not uniform to the predetermined type, all the parameters in the access request are null values or fixed values. And reading the response attribute of a response page generated by the web application responding to the access request, and judging whether the response attribute is a preset attribute. The preset attribute is preset and used for representing the attribute without the unauthorized risk, such as the attribute of an error prompt page, the attribute of a public page and the like, so that the misjudgment rate is reduced by setting the attribute of the response page as the preset attribute. If the response attribute of the response page is judged to be the preset attribute, the access request does not have the unauthorized risk, the access request is judged to accord with the preset filtering condition, and the access request is filtered. On the contrary, if the response attribute of the response page is not the preset attribute, the unauthorized risk of the access request cannot be eliminated; and judging that the access request does not accord with the preset filtering condition, not filtering the access request, and reading the access parameter in the access request for filtering.
The step of judging whether the access request meets the preset filtering condition according to the access parameter of the access request aiming at the condition that the preset filtering condition is set through the consistency of all parameters among different access requests comprises the following steps:
step S115, judging whether an access request to be compared corresponding to the access request exists in the preset resource library, wherein the access request to be compared and the access request have the same fixed parameters and parameter values;
step S116, if an access request to be compared corresponding to the access request exists, judging that the access request meets a preset filtering condition;
step S117, if there is no access request to be compared corresponding to the access request, determining that the access request does not meet a preset filtering condition.
Further, a preset resource library used for storing access requests generated by the users and the web application access session is judged, and whether the access requests to be compared corresponding to the access requests exist is determined. The access request to be compared and the access request are requests initiated by different user accounts for the same request or function, and besides parameters related to the user accounts, such as the account, the password and the like, other parameters are fixed parameters, such as an application version, a recommender number and the like. Thus, the access request to be compared and the access request have the same fixed parameters and parameter values. If the access request to be compared exists, the access request does not have risk, and the access request is judged to meet the preset filtering condition. On the contrary, if the comparison access request does not exist, the unauthorized risk of the access request cannot be eliminated; and judging that the access request does not accord with the preset filtering condition, not filtering the access request, and reading the parameter of the access request for filtering.
And S12, if the access request does not meet the preset filtering condition, taking the access request as an access request to be detected, and filtering each parameter to be entered to generate parameters to be detected.
Further, if the access request is determined not to meet the preset filtering condition according to the parameter of the access request, and the access request itself cannot be filtered, taking the access request as the access request to be detected, reading each parameter of the access request to be detected, filtering, and generating each parameter of the access request to be detected as a parameter to be detected, specifically, filtering each parameter of the access request, and generating the parameter to be detected includes:
step S121, eliminating the parameter entering parameters with the parameter types being preset types in the access request to obtain the parameters to be filtered in the access request;
and step S122, screening out the target parameters to be filtered with the parameter length of each parameter to be filtered being larger than the preset length, and rejecting the target parameters to be filtered with the parameter value of each target parameter to be filtered being the preset value to generate the parameters to be detected.
Further, if the access request does not meet the preset filtering condition, it indicates that the parameter types of the parameter entries in the access request are not all null values or fixed values, and the parameter entries with the parameter types of null values or fixed values are removed, that is, the parameter entries with the parameter types of the preset types in the access request are removed. And taking each rejected parameter as a parameter to be filtered in the access request, and reading the parameter length of each parameter to be filtered. And then comparing each parameter length with a preset length, and determining a target parameter length which is greater than the preset length. The preset length is a length value which is preset and represents that the parameter to be filtered has the risk of the unauthorized, and if the parameter length of the parameter to be filtered is greater than the preset length, the filter parameter is named in a table possibly to have the risk of the unauthorized. And determining each parameter to be filtered with the target parameter length as a target parameter to be filtered, and distinguishing the target parameter to be filtered from the parameter to be filtered which is not more than the preset length in each parameter to be filtered.
Understandably, there are various parameter entries carried in the access request, which have a certain length greater than the preset length but do not have the risk of unauthorized access, such as an account type code, an application version number, a device type, and the like. And taking the parameter values of the parameters as preset values, comparing the parameter values represented by the target parameters to be filtered with the preset values one by one, and judging whether the parameter values of the target parameters to be filtered are the preset values or not. If the parameter value of a certain target parameter to be filtered is the preset value, the target parameter to be filtered is removed, after each target parameter to be filtered is judged and removed, the remaining target parameter to be filtered is generated into a parameter to be detected representing that the access request possibly has risk, and whether a horizontal unauthorized vulnerability exists in the web application accessed by the access request is detected through the parameter to be detected.
According to the method and the device, the access requests are filtered by setting a multi-filtering mechanism, so that the misjudgment rate is reduced while accurate filtering is ensured, and the method and the device are favorable for comprehensively and accurately detecting the level override vulnerability of the web application aiming at the access requests of all functions in the web application.
In addition, the embodiment of the invention also provides a computer readable storage medium.
The computer readable storage medium has stored thereon a horizontal override vulnerability detection program, which when executed by the processor implements the steps of the horizontal override vulnerability detection method described above.
The specific implementation of the computer-readable storage medium of the present invention is substantially the same as the embodiments of the horizontal override vulnerability detection method, and will not be described herein again.
The present invention is described in connection with the accompanying drawings, but the present invention is not limited to the above embodiments, which are only illustrative and not restrictive, and those skilled in the art can make various changes without departing from the spirit and scope of the invention as defined by the appended claims, and all changes that come within the meaning and range of equivalency of the specification and drawings that are obvious from the description and the attached claims are intended to be embraced therein.

Claims (6)

1. A horizontal override vulnerability detection method is characterized by comprising the following steps:
traversing access requests in a preset resource library, and filtering each access request, wherein the preset resource library is preset and stores the access requests accessed by the web application;
determining whether the access requests and the carried parameters of the access requests meet the filtering conditions or not according to the filtering results, wherein each access request is used as a processing unit to be processed independently, judging whether the access requests meet the preset filtering conditions or not according to the access parameters of the access requests, filtering the access requests if the access requests meet the preset filtering conditions, and taking the access requests as the access requests to be detected if the access requests do not meet the preset filtering conditions;
eliminating the parameter to be filtered in the access request, wherein the parameter type in the access request is a preset type;
screening out target parameters to be filtered with parameter lengths larger than a preset length in the parameters to be filtered, and rejecting the target parameters to be filtered with parameter values of the target parameters to be filtered as preset values to generate parameters to be detected;
combining the parameters to be detected to generate combined parameters, and searching a target access request from a preset resource library, wherein the access address of the target access request is the same as that of the access request to be detected;
searching a target parameter corresponding to the combined parameter in the target access request, replacing the target parameter with the combined parameter to generate an access request to be verified, and initiating access based on the access request to be verified;
acquiring a response result generated by initiating access to the access request to be verified, and calling a target access result corresponding to the access request to be detected;
generating a similarity value between the response result and the target access result, and judging whether the similarity value is greater than a preset threshold value or not;
if the similarity value is larger than the preset threshold value, judging that the web application corresponding to the access request has a level override vulnerability;
and if the similarity value is not greater than the preset threshold value, judging that the web application corresponding to the access request does not have a horizontal override vulnerability.
2. The method according to claim 1, wherein the step of determining whether the access request meets a preset filtering condition according to the parameter of the access request comprises:
judging whether the parameter types of the parameter entering into the access request are all preset types or not, and if the parameter types are all the preset types, judging that the access request meets the preset filtering condition;
if the parameter types are not all preset types, judging whether the response attribute of the access request is a preset attribute;
if the response attribute is a preset attribute, judging that the access request meets a preset filtering condition;
and if the response attribute is not the preset attribute, judging that the access request does not accord with the preset filtering condition.
3. The method according to claim 1, wherein the step of determining whether the access request meets a preset filtering condition according to the parameter of the access request comprises:
judging whether an access request to be compared corresponding to the access request exists in the preset resource library, wherein the access request to be compared and the access request have the same fixed parameters and parameter values;
if an access request to be compared corresponding to the access request exists, judging that the access request meets a preset filtering condition;
and if the access request to be compared corresponding to the access request does not exist, judging that the access request does not accord with the preset filtering condition.
4. The method of any one of claims 1-3, wherein the method further comprises:
if the web application corresponding to the access request has the horizontal override vulnerability, marking the horizontal override vulnerability of the web application, and outputting prompt information for the marked horizontal override vulnerability.
5. A horizontal override hole detection device comprising a memory, a processor, and a horizontal override hole detection program stored on the memory and executable on the processor, the horizontal override hole detection program when executed by the processor implementing the steps of the horizontal override hole detection method according to any one of claims 1 to 4.
6. A computer-readable storage medium, having stored thereon a horizontal override vulnerability detection program, which when executed by a processor, implements the steps of the horizontal override vulnerability detection method of any one of claims 1-4.
CN202010021129.6A 2020-01-08 2020-01-08 Horizontal override vulnerability detection method, equipment and computer readable storage medium Active CN111209565B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010021129.6A CN111209565B (en) 2020-01-08 2020-01-08 Horizontal override vulnerability detection method, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010021129.6A CN111209565B (en) 2020-01-08 2020-01-08 Horizontal override vulnerability detection method, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN111209565A CN111209565A (en) 2020-05-29
CN111209565B true CN111209565B (en) 2022-12-23

Family

ID=70788973

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010021129.6A Active CN111209565B (en) 2020-01-08 2020-01-08 Horizontal override vulnerability detection method, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111209565B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111740992B (en) * 2020-06-19 2022-08-30 北京字节跳动网络技术有限公司 Website security vulnerability detection method, device, medium and electronic equipment
CN112491807A (en) * 2020-11-05 2021-03-12 杭州孝道科技有限公司 Horizontal override vulnerability detection method based on interactive application detection technology
CN112464250A (en) * 2020-12-15 2021-03-09 光通天下网络科技股份有限公司 Method, device and medium for automatically detecting unauthorized vulnerability
CN113242257A (en) * 2021-05-26 2021-08-10 中国银行股份有限公司 Unauthorized vulnerability detection method, device, equipment and storage medium
CN113722740B (en) * 2021-09-06 2023-07-28 全知科技(杭州)有限责任公司 Method for detecting risk of horizontal unauthorized access to sensitive data based on interface portrait
CN114070583B (en) * 2021-10-12 2023-10-20 鸬鹚科技(深圳)有限公司 Information access control method, device, computer equipment and medium
CN113961940B (en) * 2021-12-21 2022-03-25 杭州海康威视数字技术股份有限公司 Override detection method and device based on authority dynamic update mechanism
CN114499960B (en) * 2021-12-24 2024-03-22 深圳开源互联网安全技术有限公司 CSRF vulnerability identification method, device and computer readable storage medium
CN115529171B (en) * 2022-09-16 2024-07-23 浙江网商银行股份有限公司 Behavior detection method and device
CN115348117B (en) * 2022-10-20 2023-03-24 闪捷信息科技有限公司 User level unauthorized behavior determination method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414242A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 For detecting the method, apparatus, equipment and medium of service logic loophole
CN110489966A (en) * 2019-08-12 2019-11-22 腾讯科技(深圳)有限公司 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105357195B (en) * 2015-10-30 2019-06-14 深信服科技股份有限公司 Go beyond one's commission leak detection method and the device of web access
CN106713347B (en) * 2017-01-18 2019-06-11 国网江苏省电力公司电力科学研究院 A kind of electric power mobile application unauthorized access leak detection method
CN107577949A (en) * 2017-09-05 2018-01-12 郑州云海信息技术有限公司 A kind of Web goes beyond one's commission leak detection method and system
CN109446819B (en) * 2018-10-30 2020-12-22 北京知道创宇信息技术股份有限公司 Unauthorized vulnerability detection method and device
CN109710743A (en) * 2018-12-28 2019-05-03 郑州云海信息技术有限公司 A kind of access method of storage pool, device and electronic equipment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414242A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 For detecting the method, apparatus, equipment and medium of service logic loophole
CN110489966A (en) * 2019-08-12 2019-11-22 腾讯科技(深圳)有限公司 Parallel go beyond one's commission leak detection method, device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN111209565A (en) 2020-05-29

Similar Documents

Publication Publication Date Title
CN111209565B (en) Horizontal override vulnerability detection method, equipment and computer readable storage medium
CN109922052B (en) Malicious URL detection method combining multiple features
CN110602029B (en) Method and system for identifying network attack
WO2018188558A1 (en) Method and apparatus for identifying account permission
US7444680B2 (en) Webcrawl internet security analysis and process
KR101001132B1 (en) Method and System for Determining Vulnerability of Web Application
CN106209488B (en) Method and device for detecting website attack
CN111416811B (en) Unauthorized vulnerability detection method, system, equipment and storage medium
CN113779585B (en) Unauthorized vulnerability detection method and device
CN107689940B (en) WebShell detection method and device
CN107896219B (en) Method, system and related device for detecting website vulnerability
CN111404937B (en) Method and device for detecting server vulnerability
CN110430188B (en) Rapid URL filtering method and device
CN112738127B (en) Web-based website and host vulnerability detection system and method thereof
CN111581637B (en) SQL injection detection method, device, equipment and computer storage medium
CN113132329A (en) WEBSHELL detection method, device, equipment and storage medium
CN111031025B (en) Method and device for automatically detecting and verifying Webshell
CN110837646A (en) Risk investigation device of unstructured database
CN109165513B (en) System configuration information inspection method and device and server
CN112148545B (en) Security baseline detection method and security baseline detection system of embedded system
CN115242436B (en) Malicious traffic detection method and system based on command line characteristics
WO2016173327A1 (en) Method and device for detecting website attack
CN116094808A (en) Access control vulnerability detection method and system based on RBAC mode Web application security
KR101512700B1 (en) A precise access control system for unauthorized traffic in a web server based on user behavior patterns and the control method thereof
CN111666471A (en) Information acquisition method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant