CN111597559A - Method, device, equipment and storage medium for detecting system command injection vulnerability - Google Patents


Publication number
CN111597559A
Authority
CN
China
Prior art keywords
payload
http request
dns query
character string
specific character
Legal status
Granted
Application number
CN202010413709.XA
Other languages
Chinese (zh)
Other versions
CN111597559B (en)
Inventor
徐钟豪
廖文
Current Assignee
Beijing Mingtu Tiancheng Information Technology Co ltd
Original Assignee
Beijing Mingtu Tiancheng Information Technology Co ltd
Application filed by Beijing Mingtu Tiancheng Information Technology Co ltd
Priority to CN202010413709.XA
Publication of CN111597559A
Application granted
Publication of CN111597559B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

The application discloses a system command injection vulnerability detection method that comprises: constructing a payload; inserting the payload into an HTTP request and recording the payload and the HTTP request parameters; sending the HTTP request to a target operating system so that the target operating system executes the payload and performs a DNS query; obtaining DNS query records from a self-built DNS server; and, if the DNS query records include a specific character string, determining the vulnerability location according to the HTTP request parameters. System command injection vulnerabilities can thus be detected quickly over a DNS channel.

Description

Method, device, equipment and storage medium for detecting system command injection vulnerability
Technical Field
The present disclosure relates to the field of computer security, and in particular, to a method and an apparatus for detecting a system command injection vulnerability, a device and a storage medium.
Background
System commands make it convenient for users of an application program to handle functions in the relevant application scenarios, and the common programming languages provide commands for executing such functions. When the variable passed to such a call is used without regard to security, it can be made to execute malicious command calls and be exploited. Because the application calls the external program by assembling a command line (including its parameters) as a string, a user can break through the intended restriction with a small change and call other external programs. System command injection allows any command to be executed on the server; by exploiting a system command injection vulnerability, a remote attacker can have commands executed on instruction and remotely control the system.
In the prior art, system command injection detection is one of the common vulnerability detection modes. According to how the vulnerability is judged, the detection methods comprise system command injection detection based on page response with echo, and system command injection vulnerability detection based on time-based blind injection.
Echo-based detection constructs a request packet with a suitable payload so that the current application program outputs a specific character string, and judges whether the vulnerability exists according to that preset character string. When the application program executes the system command but the page echo does not change, this method judges that no system command injection vulnerability exists, so the vulnerability is not reported.
Time-based blind detection constructs a request packet with a suitable payload to change the response time of the current application program, and over multiple requests judges whether the page response time matches the request packet carrying the predetermined payload, thereby judging whether a system command injection vulnerability exists. It does not rely on response content, so it can detect vulnerabilities that occur without echo. In practice, however, network delay caused by network fluctuation is unavoidable, so detection based on time-based blind injection is prone to false alarms; in addition, detection takes a long time and detection efficiency is low.
Disclosure of Invention
In view of this, the present disclosure provides a method for detecting a vulnerability in a target operating system, including:
constructing payload; wherein the payload contains a specific character string;
inserting the payload into an HTTP request and recording the payload and HTTP request parameters;
sending the HTTP request to the target operating system, and enabling the target operating system to execute the payload to perform DNS query;
acquiring a DNS query record from a self-built DNS server, and determining a vulnerability position according to the HTTP request parameter if the DNS query record comprises the specific character string;
and the DNS query record comprises information obtained when the target operating system carries out DNS query.
In one possible implementation, the constructing payload includes:
randomly generating a set of the specific character strings;
splicing the specific character string with a preset domain name to obtain a domain name string;
and filling the domain name string into a command to obtain the payload.
In one possible implementation, inserting the payload into the HTTP request and recording the payload and HTTP request parameters includes:
inserting the payload into a corresponding parameter in the HTTP request;
recording the specific character string and the HTTP request parameter;
storing the particular string and the HTTP request parameters in a local database.
In a possible implementation manner, obtaining a DNS query record from a self-built DNS server, and if the DNS query record includes the specific character string, determining a vulnerability location according to the HTTP request parameter includes:
acquiring a DNS query record of the self-built DNS server;
extracting the domain name in the DNS query record;
and if the sub-character string in the domain name is the same as the specific character string, determining the vulnerability position according to the HTTP request parameter.
In one possible implementation, if the DNS server does not have a DNS query record, there is no vulnerability.
In one possible implementation, the command is set according to the kind of the target operating system.
According to another aspect of the present disclosure, a system command vulnerability detection apparatus is provided, which is characterized by comprising a payload construction module, a payload insertion module, an HTTP request transmission module, and a vulnerability location determination module;
the payload constructing module is configured to construct a payload; wherein the payload contains a specific character string;
the payload insertion module is configured to insert the payload into an HTTP request and record the payload and HTTP request parameters;
the HTTP request sending module is configured to send the HTTP request to a target operating system, and the target operating system is made to execute the payload to perform DNS query;
the vulnerability location determining module is configured to acquire a DNS query record from a self-built DNS server, and determine a vulnerability location according to the HTTP request parameter if the DNS query record comprises the specific character string;
and the DNS query record comprises information obtained when the target operating system carries out DNS query.
In one possible implementation manner, the payload constructing module includes a character string generating unit, a character string splicing unit, and a domain name string filling unit;
the character string generation unit configured to randomly generate a set of the specific character strings;
the character string splicing unit is configured to splice the specific character string with a preset domain name to obtain a domain name string;
the domain name string filling unit is configured to fill the domain name string into a command to obtain the payload.
According to another aspect of the present disclosure, a system command vulnerability detection apparatus is provided, which includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the executable instructions to implement any of the methods described above.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of the preceding.
The method comprises: constructing a payload, wherein the payload contains a specific character string; inserting the payload into an HTTP request and recording the payload and the HTTP request parameters; sending the HTTP request to a target operating system so that the target operating system executes the payload and performs a DNS query; obtaining DNS query records from a self-built DNS server; and, if the DNS query records include the specific character string, determining the vulnerability location according to the HTTP request parameters, wherein the DNS query records comprise information obtained when the target operating system performs the DNS query. Detection over the DNS channel finds system command injection vulnerabilities quickly and does not depend on whether the target application program echoes output, so it applies to a wider range of targets; it shortens vulnerability detection time, improves scanning efficiency, steadily improves accuracy, and reduces the false alarm rate and the missed report rate.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
FIG. 1 illustrates a flowchart of a system command injection vulnerability detection method of an embodiment of the present disclosure;
FIG. 2 shows another flowchart of a system command injection vulnerability detection method of an embodiment of the present disclosure;
FIG. 3 illustrates a block diagram of a system command injection vulnerability detection apparatus of an embodiment of the present disclosure;
FIG. 4 shows a block diagram of a system command injection vulnerability detection apparatus of an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
Fig. 1 shows a flowchart of a system command injection vulnerability detection method according to an embodiment of the present disclosure. As shown in fig. 1, the method for detecting a command injection vulnerability of a system includes:
step S100, constructing a payload, wherein the payload comprises a specific character string;
step S200, inserting the payload into an HTTP request and recording the payload and HTTP request parameters;
step S300, sending the HTTP request to a target operating system, and enabling the target operating system to execute the payload to perform a DNS query;
step S400, obtaining a DNS query record from a self-built DNS server, and if the DNS query record comprises the specific character string, determining a vulnerability position according to the HTTP request parameters, wherein the DNS query record comprises information obtained when the target operating system performs the DNS query.
Before the steps of the system command injection vulnerability detection method of the present disclosure are executed, a DNS server, that is, the self-built DNS server, is deployed. A specific domain name can be set on the self-built DNS server; when it receives a query request for that specific domain name, it records and stores the request, generating a DNS query record.
Specifically, referring to fig. 1, step S100 is first executed to construct a payload, where the payload includes a specific character string.
In one possible implementation, the payload is constructed first. Constructing the payload includes: randomly generating a set of specific character strings, splicing the specific character string with a preset domain name to obtain a domain name string, and filling the domain name string into a command to obtain the payload. For example, a specific character string "fajfaddladf" is first randomly generated and spliced with the domain name "example.com" to obtain the domain name string "fajfaddladf.example.com", which is then filled into the corresponding system command. Note that the command is set according to the kind of the target operating system: if the target operating system is a LINUX operating system, the "[DNS]" in the statement "& ping -nc 3 [DNS]" is replaced with the domain name string, which gives "& ping -nc 3 fajfaddladf.example.com", that is, the payload.
In another possible implementation, if the target operating system is a Windows operating system, the "[DNS]" in the command statement "-ping [DNS]" is replaced with the domain name string, for example "fajfaddladf.example.com".
It should be noted that the method of the present disclosure does not limit the type of the target operating system, and for other operating systems, the domain name string may be filled in the position of the corresponding command.
Further, referring to fig. 1, step S200 is executed to insert payload into the HTTP request and record the payload and HTTP request parameters.
In one possible implementation, after the payload is constructed, it is inserted into the HTTP request and the payload and HTTP request parameters are recorded. This step further includes: inserting the payload into the corresponding parameter in the HTTP request, then recording the specific character string and the HTTP request parameters, and finally storing the specific character string and the HTTP request parameters in a local database. The HTTP request parameters comprise GET: request a file from the Web server; POST: send data to the Web server for the Web server to process; PUT: send data to the Web server and store it on the Web server; HEAD: check whether an object exists; DELETE: delete a file from the Web server; CONNECT: support for channels; TRACE: trace the path to the server; and OPTIONS. For example, if the target operating system is a LINUX operating system, the "[DNS]" in the statement "& ping -nc 3 [DNS]" is replaced with the domain name string, for example "fajfaddladf.example.com", to obtain "& ping -nc 3 fajfaddladf.example.com", that is, the payload, and the command is filled into a GET parameter in the HTTP request. The corresponding statement is: GET /127.0.0.1/CommandInjection/injection2.php?c=test"%26ping%20-nc%203%20"fajfaddladf.example.com. The specific character string "fajfaddladf" is then recorded together with the GET parameter among the HTTP request parameters: 127.0.0.1/CommandInjection/injection2.php?c=test"%26ping%20-nc%203%20"fajfaddladf.example.com, and the specific character string and the HTTP request parameters are saved in the local database.
Further, referring to fig. 1, step S300 is executed to send an HTTP request to the target operating system, so that the target operating system executes payload to perform DNS query.
In one possible implementation, if the target operating system is a LINUX operating system, the "[DNS]" in the statement "& ping -nc 3 [DNS]" is replaced with the domain name string, for example "fajfaddladf.example.com", to obtain "& ping -nc 3 fajfaddladf.example.com", that is, the payload, and the command is filled into a GET parameter in the HTTP request. The corresponding statement is: GET /127.0.0.1/CommandInjection/injection2.php?c=test"%26ping%20-nc%203%20"fajfaddladf.example.com. When the target operating system receives the HTTP request, referring to FIG. 2, if a vulnerability exists, step S001 is executed and the command is executed on the target operating system; step S002 is then executed, in which the target operating system, acting as a DNS query client, queries through the self-built DNS server, and the queried information is recorded to obtain a DNS query record, wherein the DNS query record includes the specific character string.
Note that, referring to FIG. 2, if no vulnerability exists, the corresponding command (the detection code) is not executed in step S001.
Further, referring to fig. 1, step S400 is executed to obtain a DNS query record from the self-established DNS server, and if the DNS query record includes a specific character string, determine a vulnerability location according to the HTTP request parameter.
In one possible implementation, if a DNS query record exists on the self-built DNS server, the DNS query record is obtained from it, and if the DNS query record includes the specific character string, the vulnerability location is determined according to the HTTP request parameters. Specifically, the DNS query record of the self-built DNS server is first obtained and the domain name in it is extracted; if a substring of the domain name is the same as the specific character string, the corresponding request parameter is the vulnerability location. For example, if the DNS query record includes the character string "fajfaddladf" and the specific character string in the local database is also "fajfaddladf", the corresponding HTTP request parameter can be determined. If the corresponding request parameter is 127.0.0.1/CommandInjection/injection2.php?c=test"%26ping%20-nc%203%20"fajfaddladf.example.com, the path information 127.0.0.1/CommandInjection/injection2.php? is extracted, and the location of the vulnerability can then be determined. Referring to FIG. 2, step S500 is then executed to output the vulnerability information.
In addition, if no DNS query record is obtained from the self-built DNS server, this indicates that no vulnerability exists.
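Steps S100 to S400 as an added example (not code from the patent), showing the bookkeeping that ties a DNS query back to the request parameter that carried the token. The function names, the table schema and the DNS log line format are assumptions; the token is matched as an exact, case-insensitive DNS label under the preset domain, which is stricter than the substring comparison in the text and avoids hits on unrelated names.

```python
import secrets
import sqlite3
import string
from urllib.parse import quote

BASE_DOMAIN = "example.com"            # preset domain of the self-built DNS server (from the text)
LINUX_TEMPLATE = "& ping -nc 3 [DNS]"  # Linux command template quoted in the text

# Constructed sample of a DNS query log; the "<time> <client> query <name> <type>"
# layout is hypothetical, adapt the parser to the server actually deployed.
SAMPLE_LOG = [
    "2020-05-15T10:00:01Z 203.0.113.7 query FajFaddLadf.example.com. A",
    "2020-05-15T10:00:01Z 203.0.113.7 query fajfaddladf.example.com. AAAA",
    "2020-05-15T10:00:05Z 198.51.100.9 query xfajfaddladfx.example.com. A",
    "2020-05-15T10:00:09Z 198.51.100.9 query fajfaddladf.example.org. A",
]


def new_token(length=11):
    """S100: random lowercase token that is valid as a single DNS label."""
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))


def build_payload(token, template=LINUX_TEMPLATE, base=BASE_DOMAIN):
    """S100: splice token and preset domain, then fill the command template."""
    return template.replace("[DNS]", f"{token}.{base}")


def open_db():
    """Local database mapping each token to the request location it was sent in."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE probes (token TEXT PRIMARY KEY, url TEXT, param TEXT)")
    return db


def record_probe(db, token, base_url, param, benign_value, payload):
    """S200: place the payload in one parameter and record token -> (url, param)."""
    db.execute("INSERT INTO probes VALUES (?, ?, ?)", (token, base_url, param))
    return f"{base_url}?{param}={quote(benign_value + payload, safe='')}"


def queried_names(log_lines):
    """S400: pull the queried domain name out of each log line, normalised."""
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "query":
            # DNS names are case-insensitive and may carry a trailing dot.
            yield fields[3].rstrip(".").lower()


def correlate(db, log_lines, base=BASE_DOMAIN):
    """S400: report each recorded probe whose token was seen as a DNS label."""
    suffix = "." + base
    findings, seen = [], set()
    for name in queried_names(log_lines):
        if not name.endswith(suffix):
            continue  # query for a domain we do not control
        label = name[: -len(suffix)].split(".")[-1]  # label directly under the base
        if label in seen:
            continue  # A and AAAA lookups produce duplicate records
        row = db.execute(
            "SELECT url, param FROM probes WHERE token = ?", (label,)
        ).fetchone()
        if row:
            seen.add(label)
            findings.append({"token": label, "url": row[0], "param": row[1]})
    return findings  # empty list: no DNS record matched, no vulnerability reported


if __name__ == "__main__":
    db = open_db()
    token = "fajfaddladf"  # fixed here so it matches SAMPLE_LOG; use new_token() in practice
    print(record_probe(db, token, "http://127.0.0.1/CommandInjection/injection2.php",
                       "c", "test", build_payload(token)))
    print(correlate(db, SAMPLE_LOG))
```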
It should be noted that, although the system command injection vulnerability detection method is described above by taking the above steps as examples, those skilled in the art can understand that the disclosure should not be limited thereto. In fact, the user can flexibly set the system command injection vulnerability detection method according to personal preference and/or actual application scenes as long as the required functions are achieved.
In this way, a payload containing a specific character string is constructed; the payload is inserted into an HTTP request and the payload and HTTP request parameters are recorded; the HTTP request is sent to a target operating system so that the target operating system executes the payload and performs a DNS query; a DNS query record is obtained from a self-built DNS server; and, if the DNS query record contains the specific character string, the vulnerability location is determined according to the HTTP request parameters, wherein the DNS query record contains information obtained when the target operating system performs the DNS query. Detection over the DNS channel finds system command injection vulnerabilities quickly and does not depend on whether the target application program echoes output, so it applies to a wider range of targets; it shortens vulnerability detection time, improves scanning efficiency, steadily improves accuracy, and reduces the false alarm rate and the missed report rate.
Further, according to another aspect of the present disclosure, a system command injection vulnerability detection apparatus 100 is also provided. Since the working principle of the system command injection vulnerability detection apparatus 100 of the embodiment of the present disclosure is the same as or similar to the principle of the system command injection vulnerability detection method of the embodiment of the present disclosure, repeated descriptions are omitted. Referring to fig. 3, a system command injection vulnerability detection apparatus 100 according to an embodiment of the present disclosure includes a payload construction module, a payload insertion module, an HTTP request transmission module, and a vulnerability location determination module.
A payload construction module 110 configured to construct a payload; wherein, payload contains a specific character string;
a payload insertion module 120 configured to insert payload into the HTTP request and record the payload and HTTP request parameters;
an HTTP request sending module 130 configured to send an HTTP request to the target operating system, so that the target operating system executes payload for DNS query;
the vulnerability location determining module 140 is configured to obtain a DNS query record from the self-built DNS server, and determine a vulnerability location according to the HTTP request parameter if the DNS query record includes a specific character string;
the DNS query record comprises information obtained when the target operating system carries out DNS query.
Further, in a possible implementation manner, the payload constructing module further includes a character string generating unit, a character string splicing unit, and a domain name string filling unit.
A character string generation unit configured to randomly generate a set of specific character strings;
the character string splicing unit is configured to splice a specific character string with a preset domain name to obtain a domain name string;
and the domain name string filling unit is configured to fill the domain name string into the command to obtain payload.
Still further, according to another aspect of the present disclosure, there is also provided a system command injection vulnerability detection apparatus 200. Referring to fig. 4, the system command injection vulnerability detection apparatus 200 of the embodiment of the present disclosure includes a processor 210 and a memory 220 for storing executable instructions of the processor 210. Wherein the processor 210 is configured to execute the executable instructions to implement any of the system command injection vulnerability detection methods described above.
Here, it should be noted that the number of the processors 210 may be one or more. Meanwhile, in the system command injection vulnerability detection apparatus 200 of the embodiment of the present disclosure, an input device 230 and an output device 240 may also be included. The processor 210, the memory 220, the input device 230, and the output device 240 may be connected via a bus, or may be connected via other methods, which is not limited in detail herein.
The memory 220, which is a computer-readable storage medium, may be used to store software programs, computer-executable programs, and various modules, such as: the program or the module corresponding to the system command injection vulnerability detection method in the embodiment of the disclosure. The processor 210 executes various functional applications and data processing of the system command injection vulnerability detection apparatus 200 by executing software programs or modules stored in the memory 220.
The input device 230 may be used to receive an input number or signal. Wherein the signal may be a key signal generated in connection with user settings and function control of the device/terminal/server. The output device 240 may include a display device such as a display screen.
According to another aspect of the present disclosure, there is also provided a non-transitory computer readable storage medium having stored thereon computer program instructions, which when executed by the processor 210, implement the system command injection vulnerability detection method as described in any of the preceding.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A method for detecting system command injection vulnerabilities is used for detecting vulnerabilities in a target operating system, and comprises the following steps:
constructing payload; wherein the payload contains a specific character string;
inserting the payload into an HTTP request and recording the payload and HTTP request parameters;
sending the HTTP request to the target operating system, and enabling the target operating system to execute the payload to perform DNS query;
acquiring a DNS query record from a self-built DNS server, and determining a vulnerability position according to the HTTP request parameter if the DNS query record comprises the specific character string;
and the DNS query record comprises information obtained when the target operating system carries out DNS query.
2. The method of claim 1, wherein constructing the payload comprises:
randomly generating a set of the specific character strings;
splicing the specific character string with a preset domain name to obtain a domain name string;
and filling the domain name string into a command to obtain the payload.
3. The method of claim 2, wherein inserting the payload into an HTTP request and recording the payload and HTTP request parameters comprises:
inserting the payload into a corresponding parameter in the HTTP request;
recording the specific character string and the HTTP request parameter;
storing the particular string and the HTTP request parameters in a local database.
4. The method of claim 3, wherein obtaining a DNS query record from a self-built DNS server, and if the DNS query record includes the specific character string, determining the vulnerability location according to the HTTP request parameter comprises:
acquiring a DNS query record of the self-built DNS server;
extracting the domain name in the DNS query record;
and if a substring of the domain name is the same as the specific character string, determining the vulnerability position according to the HTTP request parameter.
5. The method of claim 1, wherein if there is no DNS query record in the DNS server, there is no vulnerability.
6. The method of claim 2, wherein the command is set according to a type of the target operating system.
7. A system command vulnerability detection device, comprising a payload construction module, a payload insertion module, an HTTP request sending module and a vulnerability position determining module;
the payload construction module is configured to construct a payload, wherein the payload contains a specific character string;
the payload insertion module is configured to insert the payload into an HTTP request and record the payload and the HTTP request parameters;
the HTTP request sending module is configured to send the HTTP request to a target operating system, so that the target operating system executes the payload and performs a DNS query;
the vulnerability position determining module is configured to acquire a DNS query record from a self-built DNS server and, if the DNS query record comprises the specific character string, determine the vulnerability position according to the HTTP request parameter;
wherein the DNS query record comprises information obtained when the target operating system performs the DNS query.
8. The apparatus of claim 7, wherein the payload construction module comprises a character string generation unit, a character string splicing unit, and a domain name string filling unit;
the character string generation unit is configured to randomly generate a set of the specific character strings;
the character string splicing unit is configured to splice the specific character string with a preset domain name to obtain a domain name string;
the domain name string filling unit is configured to fill the domain name string into a command to obtain the payload.
9. A system command vulnerability detection device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to carry out the method of any one of claims 1 to 6 when executing the executable instructions.
10. A non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1 to 6.
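
The bookkeeping and correlation steps of claims 2 to 4, as an added Python example that is not part of the patent: it issues a random string per tested parameter, stores it, and maps DNS query records back to the parameter. The domain `probe.example.test`, the SQLite schema, the function names and the BIND-style log lines are assumptions constructed for illustration; filling the domain name string into a command is left out.

```python
import re
import secrets
import sqlite3

BASE_DOMAIN = "probe.example.test"  # assumption: preset domain served by the self-built DNS server
QNAME_RE = re.compile(r"query:\s+(\S+)\s+IN\s", re.IGNORECASE)

def open_store():
    """Local database of issued strings (claim 3); in-memory for the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE probes (token TEXT PRIMARY KEY, url TEXT, param TEXT)")
    return db

def register_probe(db, url, param):
    """Claims 2-3: random string spliced with the preset domain, stored with the parameter."""
    token = secrets.token_hex(8)  # 16 lowercase hex chars: a valid, unguessable DNS label
    db.execute("INSERT INTO probes VALUES (?, ?, ?)", (token, url, param))
    return token, f"{token}.{BASE_DOMAIN}"

def correlate(db, dns_log_lines):
    """Claim 4: extract each queried domain and match its labels against stored strings."""
    suffix = "." + BASE_DOMAIN
    findings = {}
    for line in dns_log_lines:
        m = QNAME_RE.search(line)
        if not m:
            continue
        qname = m.group(1).rstrip(".").lower()  # resolvers may change case or add a root dot
        if not qname.endswith(suffix):
            continue
        for label in qname[: -len(suffix)].split("."):
            row = db.execute(
                "SELECT url, param FROM probes WHERE token = ?", (label,)
            ).fetchone()
            if row:
                findings[label] = {"url": row[0], "param": row[1]}  # repeats collapse
    return findings

def demo():
    db = open_store()
    t_host, d_host = register_probe(db, "https://app.example.test/diag", "host")
    t_name, _ = register_probe(db, "https://app.example.test/diag", "name")
    log = [  # constructed BIND-style query-log lines
        f"client 198.51.100.7#40112 ({d_host}): query: {d_host} IN A +E(0) (192.0.2.53)",
        f"client 198.51.100.7#40113 ({d_host}): query: {d_host.upper()}. IN AAAA + (192.0.2.53)",
        "client 203.0.113.9#5353 (x): query: not-issued-token.probe.example.test IN A + (192.0.2.53)",
        "client 203.0.113.9#5354 (y): query: www.example.org IN A + (192.0.2.53)",
    ]
    return t_host, t_name, correlate(db, log)
```

Only the `host` parameter is reported here: its string appears in the log, while the string issued for `name` never does and the unissued label is ignored. An empty result shows only that no matching query reached the server, which is also what happens when the target's outbound DNS is filtered.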
CN202010413709.XA 2020-05-15 2020-05-15 System command injection vulnerability detection method and device, equipment and storage medium Active CN111597559B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010413709.XA CN111597559B (en) 2020-05-15 2020-05-15 System command injection vulnerability detection method and device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111597559A (en) 2020-08-28
CN111597559B (en) 2023-10-13

Family

ID=72182476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010413709.XA Active CN111597559B (en) 2020-05-15 2020-05-15 System command injection vulnerability detection method and device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111597559B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143047A (en) * 2021-11-17 2022-03-04 湖北天融信网络安全技术有限公司 Vulnerability detection method and device, terminal equipment, Web server and storage medium
CN114157452A (en) * 2021-11-12 2022-03-08 湖北天融信网络安全技术有限公司 XXE vulnerability detection method and system based on HTTP connection platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100325620A1 (en) * 2009-06-20 2010-12-23 Microsoft Corporation Embedded annotation and program analysis
CN109040039A (en) * 2018-07-20 2018-12-18 西安四叶草信息技术有限公司 A kind of leak detection method, apparatus and system
CN109302433A (en) * 2018-12-17 2019-02-01 深信服科技股份有限公司 Detection method, device, equipment and the storage medium of remote command execution loophole
CN109347805A (en) * 2018-09-19 2019-02-15 杭州安恒信息技术股份有限公司 It is a kind of based on DNS without echo SQL injection detection method
CN110430185A (en) * 2019-07-31 2019-11-08 中国工商银行股份有限公司 The method and detection device of loophole are executed for sense command

Also Published As

Publication number Publication date
CN111597559B (en) 2023-10-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant