CN111683047B - Unauthorized vulnerability detection method, device, computer equipment and medium - Google Patents


Info

Publication number
CN111683047B
CN111683047B
Authority
CN
China
Prior art keywords
account information
browser
scanning
vulnerability
target site
Prior art date
Legal status
Active
Application number
CN202010364766.3A
Other languages
Chinese (zh)
Other versions
CN111683047A (en)
Inventor
邱贵昌
Current Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/102 Entity profiles

Abstract

The invention discloses an override vulnerability detection method, an override vulnerability detection device, computer equipment and a storage medium. The method comprises the following steps: an account information set contains N pieces of account information; N+1 browsers are started in a multi-process mode; in each of N browsers one piece of account information is used to log in to the target site, and the (N+1)th browser accesses the target site with a visitor identity; access scanning is conducted on the target site in the N+1 browsers and the scanning results are obtained. Because the authority interfaces are scanned for multiple pieces of account information at the same time, scanning efficiency is improved; because each browser holds its own session, scanning-result errors caused by session conflicts are avoided and scanning accuracy is improved. The scanning results are then summarized and analysed to obtain the authority interfaces corresponding to each piece of account information and to the visitor identity, and whether each authority interface has an override vulnerability is judged in a cross scanning mode, which improves vulnerability scanning efficiency. The invention also relates to blockchain technology: the account information set can be stored in a blockchain node.

Description

Unauthorized vulnerability detection method, device, computer equipment and medium
Technical Field
The present invention relates to the field of information security, and in particular, to a method, an apparatus, a computer device, and a medium for detecting an unauthorized vulnerability.
Background
With the continuous development of enterprise informatization, access control over data becomes more and more critical. Most enterprise network applications face outward: they are used by clients, or operators provide various daily services on websites through them. Once a website faces outward, it is inevitably subject to malicious attack by external personnel, hackers and commercial spyware; at the same time, internal staff may use their accounts to maliciously crawl data for illegal use or resale. In either case, serious economic and reputational losses are caused for companies. Therefore, access rights must be protected by security detection, vulnerability scanning, firewall reinforcement and the like.
The common vulnerability detection approach is to scan websites and application systems with a vulnerability scanner. However, web applications also contain override vulnerabilities, which are business-logic vulnerabilities: because of negligence in the business logic, no strict limit is applied to the rights or users required for a certain operation, so users without the operation rights can perform the operation normally.
At present, override vulnerabilities are generally detected account by account: log in with the account and scan to obtain the authority interfaces corresponding to that account, modify the account ID, access each authority interface, and compare the responses returned when different account IDs access the authority interfaces, so as to judge whether an override vulnerability exists.
Disclosure of Invention
The embodiment of the invention provides an override vulnerability detection method, an override vulnerability detection device, computer equipment and a storage medium, so as to improve the detection efficiency of the override vulnerability.
In order to solve the above technical problems, an embodiment of the present application provides an override vulnerability detection method, including:
acquiring an account information set, wherein the account information set comprises N pieces of account information, and N is a positive integer;
adopting a multi-process mode to concurrently start N+1 browsers, and driving each browser to jump to a target site;
logging in with one piece of account information in the target site corresponding to each browser, and accessing the target site corresponding to the (N+1)th browser with a visitor identity;
performing access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results;
and summarizing and analyzing the N+1 scanning results to obtain authority interfaces corresponding to the account information and authority interfaces corresponding to the visitor identities, and judging whether each authority interface has an override vulnerability or not in a cross scanning mode.
Optionally, the adopting a multi-process mode to concurrently start up N+1 browsers and driving each browser to jump to the target site includes:
starting N+1 browsers through process isolation in a multi-process mode, so that each browser runs in an independent process;
and after detecting that the N+1 browsers are started, driving each browser to jump to the target site by adopting a preset script.
Optionally, logging in with one piece of account information in the target site corresponding to each browser, and accessing with the visitor identity in the target site corresponding to the (N+1)th browser, includes:
randomly selecting N browsers from the N+1 browsers, wherein the N browsers are used as first browsers and the remaining one browser is used as the second browser;
logging in with one piece of account information on the target site of each first browser through a preset login script;
after each piece of account information is successfully logged in, accessing the target site;
and executing the access operation to the target site in the second browser by adopting the identity of the visitor.
Optionally, the performing access scanning on the target sites in the N+1 browsers and obtaining N+1 scanning results includes:
for each browser, collecting the effective addresses contained in the target site by means of a dynamic crawler in a vulnerability-scanning mode;
and accessing the effective addresses, and determining the authority relationship between the account information logged in to the target site and each effective address, to obtain a scanning result.
Further, the override vulnerabilities include parallel override vulnerabilities, vertical override vulnerabilities, and unauthorized access vulnerabilities.
Optionally, the override vulnerability is a parallel override vulnerability, and the determining whether the override vulnerability exists in each authority interface by using a cross scanning manner includes:
acquiring first account information and second account information from the account information set, wherein the first account information comprises a first user identity, the second account information comprises a second user identity, and the first user identity and the second user identity have the same authority level;
modifying the first identity identifier contained in the address of the permission interface corresponding to the first account information into the second user identity identifier to obtain a new address, and taking the new address as the test address of the permission interface;
and accessing the test address of the authority interface using the second account information, and if the access is successful, confirming that the parallel override vulnerability exists in the authority interface corresponding to the first account information.
In order to solve the above technical problem, an embodiment of the present application further provides an override vulnerability detection device, including:
a data acquisition module, configured to acquire an account information set, wherein the account information set comprises N pieces of account information, and N is a positive integer;
a process starting module, configured to start N+1 browsers in a multi-process mode and drive each browser to jump to the target site;
a login module, configured to log in with one piece of account information in the target site corresponding to each browser, and to access the target site corresponding to the (N+1)th browser with a visitor identity;
a scanning module, configured to perform access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results;
and an override vulnerability analysis module, configured to summarize and analyse the N+1 scanning results to obtain the permission interface corresponding to each piece of account information and the permission interface corresponding to the identity of the visitor, and to judge whether each permission interface has an override vulnerability in a cross scanning mode.
Optionally, the process starting module includes:
a browser parallel starting unit, configured to start N+1 browsers through process isolation in a multi-process mode so that each browser runs in an independent process;
and a website jumping unit, configured to drive each browser to jump to the target website by adopting a preset script after detecting that the N+1 browsers are started.
Optionally, the login module includes:
a browser selecting unit, configured to randomly select N browsers from the N+1 browsers as first browsers, and to use the remaining one browser as the second browser;
an account login unit, configured to log in with one piece of account information on the target site of each first browser through a preset login script;
an account access unit, configured to access the target site after each piece of account information is successfully logged in;
and a visitor access unit, configured to execute the access operation on the target site in the second browser by adopting the visitor identity.
Optionally, the scanning module includes:
an address crawling unit, configured to collect, for each browser, the effective addresses contained in the target site by means of a dynamic crawler in a vulnerability-scanning mode;
and a relation analysis unit, configured to access the effective addresses, determine the authority relation between the account information logged in to the target site and each effective address, and obtain a scanning result.
Optionally, the override vulnerability is a parallel override vulnerability, and the override vulnerability analysis module includes:
the account selection unit is used for acquiring first account information and second account information from the account information set, wherein the first account information comprises a first user identity, the second account information comprises a second user identity, and the first user identity and the second user identity have the same authority level;
an address determining unit, configured to modify the first identity identifier contained in the address of the authority interface corresponding to the first account information into the second user identity identifier to obtain a new address, and to take the new address as the test address of the authority interface;
and a test unit, configured to access the test address of the authority interface using the second account information, and, if the access is successful, to confirm that the parallel override vulnerability exists in the authority interface corresponding to the first account information.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the steps of the above method for detecting an override vulnerability are implemented when the processor executes the computer program.
In order to solve the above technical problem, the embodiments of the present application further provide a computer readable storage medium, where a computer program is stored, where the computer program implements the steps of the above-mentioned method for detecting an override vulnerability when executed by a processor.
According to the method, device, computer equipment and storage medium for detecting override vulnerabilities, on the one hand, the account information set contains N pieces of account information, N+1 browsers are started in a multi-process mode, one piece of account information is used to log in to the target site in each of N browsers, the (N+1)th browser accesses with the visitor identity, and access scanning is conducted on the target site in the N+1 browsers to obtain N+1 scanning results. The authority interfaces are therefore scanned for all pieces of account information at the same time, which improves scanning efficiency and thus vulnerability scanning efficiency. Meanwhile, the multi-process isolation mode guarantees the accuracy of each account's scanning result, avoids scanning results being mixed up by caching, improves the accuracy of the scanning results and improves the completeness of the vulnerability scan. On the other hand, the N+1 scanning results are summarized and analysed to obtain the authority interfaces corresponding to each piece of account information and to the visitor identity, and whether each authority interface has an override vulnerability is judged in a cross scanning mode. This avoids testing every authority interface of a single account in sequence, which is inefficient and inaccurate, and improves vulnerability scanning efficiency.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of an override vulnerability detection method of the present application;
FIG. 3 is a schematic diagram of an embodiment of an override vulnerability detection apparatus according to the present application;
FIG. 4 is a schematic structural diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the description of the figures above are intended to cover non-exclusive inclusions. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, as shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, electronic book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop and desktop computers, and so on.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that the override vulnerability detection method provided in the embodiment of the present application is executed by a server, and accordingly the override vulnerability detection device is disposed in the server.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. Any number of terminal devices, networks and servers may be provided according to implementation requirements, and the terminal devices 101, 102 and 103 in the embodiments of the present application may specifically correspond to application systems in actual production.
Referring to fig. 2, fig. 2 shows an override vulnerability detection method provided by an embodiment of the present invention, and the method is applied to the server in fig. 1 for illustration, and is described in detail as follows:
S201: acquire an account information set, wherein the account information set comprises N pieces of account information, and N is a positive integer.
Specifically, override vulnerability scanning in this embodiment means scanning for the abnormal case in which an account's authority exceeds its preset authority range, that is, detecting whether an account can access or acquire information beyond its preset authority range. In the background server each account has preset authority; the account information to be tested is acquired, and the override vulnerability is then tested through that account information.
The account information set refers to a set containing a plurality of account information to be tested, each account information contains a matched user identity and a basic password, and specific numerical values of the account information N in the embodiment can be selected according to actual requirements.
It should be noted that in this embodiment, each user id is preset with a corresponding level authority, and the higher the level, the greater the level authority, the specific preset manner of the level authority may be set according to the actual requirement, which is not limited herein.
For example, in one embodiment the obtained account information set contains the user IDs admin, user016, user019 and guest532, wherein admin has the highest authority, user016 and user019 have partial operation authority together with access and modification authority over their own account information, and guest532 has only a small part of the operation authority.
In this embodiment, the source of the account information set may be that the administrator selects account information with different levels of authority from the database according to actual needs, and stores the account information into the account information set, or that the historical operation record corresponding to each account information is analyzed, and account information with abnormal operation is obtained and stored into the account information set.
In this embodiment, an override vulnerability is a permission vulnerability in which an account can access and obtain information beyond its preset range. General vulnerability scanning tools detect security vulnerabilities in remote or local websites and application systems through scanning and similar means, but an override vulnerability stems from permission controls not being fully considered during development, so a general vulnerability scanning tool cannot detect this kind of permission vulnerability by scanning.
S202: and starting n+1 browsers concurrently by adopting a multi-process mode, and driving each browser to jump to the target site.
Specifically, n+1 parallel processes are created by adopting a multi-process mode, 1 browser is started in each process at the same time, and the browser is driven to jump to a target site.
The multi-Process mode (Multiple processes) refers to a mode of enabling a plurality of processes simultaneously, running a browser in each Process, and a Process (Process) is a running activity of a program in a computer on a certain data set, is a basic unit of resource allocation and scheduling of a system, and is a basis of an operating system structure.
In the existing mode, by manual scanning or simulated login scanning, the scanning result is often inaccurate or even abnormal due to session conflict, and the embodiment adopts a multi-process mode to realize session isolation of each browser, so that session conflict prevention and control is facilitated, the scanning accuracy is improved, meanwhile, simultaneous scanning of a plurality of account information is realized, the time consumption of scanning is saved, and the scanning efficiency is improved.
The target site refers to an entry address corresponding to an application program or an operating system for testing.
It should be noted that in this embodiment a virtual container is further set up for each process, and a corresponding virtual address space is generated for running the browser, so as to implement process isolation. Because each browser has a different virtual address, data written by one browser cannot land in the data of another browser; the browsers can therefore execute the subsequent scanning simultaneously without data distribution or write errors, which improves the efficiency and accuracy of the subsequent scanning.
Process isolation is a technique designed to protect processes in an operating system from interference with one another.
S203: and logging in account information in the target site corresponding to each browser, and accessing the target site corresponding to the (n+1) th browser by adopting visitor identity.
Specifically, each account information is logged in a target site corresponding to one browser, and is not logged in the rest of one browser, and access is performed by adopting visitor identity.
In the embodiment, by inputting account numbers of different roles in different browsers and logging in a target site in a browser mode, the problems that session form login scanning is unsuccessful, session is invalid and the like can be effectively solved.
S204: and performing access scanning on target sites in the N+1 browsers to obtain N+1 scanning results.
Specifically, a preset scanner is adopted to perform access scanning on target sites in the n+1 browsers, permission interface information corresponding to each account information is obtained, and n+1 scanning results are obtained, wherein each scanning result comprises each account information and the accessible permission interface information corresponding to the visitor.
S205: and summarizing and analyzing the N+1 scanning results to obtain a permission interface corresponding to each account information and a permission interface corresponding to the identity of the visitor, and judging whether each permission interface has an override vulnerability or not in a cross scanning mode.
Specifically, the obtained n+1 scanning results are subjected to summarizing analysis to obtain all available authority interfaces and authority interfaces corresponding to each account information, and then a cross scanning mode is adopted to judge whether each authority interface has account override loopholes, namely whether the authority interfaces are set with reasonable authority control.
Easily understood, through summarizing analysis, the interfaces with the same authority are combined, repeated detection during subsequent cross scanning is avoided, and the efficiency of override scanning is improved.
For example, in a specific embodiment, the getbase interface can be used to query all case information, the interface can only be used by the A account information A, after the result is obtained after scanning and is summarized and analyzed, the interface is sent to the B account information of the common authority, the B account information is taken to the interface address, the getbase is accessed by using the cookie information of the B account information, and all client information can be also checked, so that the interface is proved to not be in authority control, that is, the authority interface has access loopholes. Otherwise, the authority interface is used for authority control, and no override loopholes exist.
The cross scanning refers to adopting account information with different authorities, logging in and accessing authority interfaces which do not have authorities, and judging whether the access authority setting is reasonable or not. Specific implementation details may refer to the following embodiments, and are not repeated here.
It should be noted that, in this embodiment, the authority interface corresponding to the account information and the authority interface corresponding to the identity of the visitor refer to interfaces other than the public interface, that is, in the process of authority design, in a group of account information with the same authority level, an interface with certain account information having authority, but other account information not having authority is used as the authority interface corresponding to the account information.
Further, override vulnerabilities include, but are not limited to: parallel override vulnerabilities, vertical override vulnerabilities, and unauthorized access vulnerabilities.
The parallel override vulnerability refers to override between accounts of the same level, for example, inquiring user information userinfo. Phpname=a, wherein the a account information can only browse basic information of the a account information, the B account information can browse basic information of the B account information, if the a account information is adopted for login, the name=a is changed into name=b for access, and the B information can be found, namely, the parallel permission vulnerability exists. If the user does not log in, the basic information of the account A which can be queried only by logging in can be queried, namely, the unauthorized access vulnerability exists.
A vertical override vulnerability refers to a permission vulnerability in which a low-level account can access an interface that only a high-level account should be able to access. For example, if the system specifies that admin.php may be accessed only by high-permission account information, but low-permission account information can also access it, then admin.php has a vertical override vulnerability.
In this embodiment, the account information set contains N pieces of account information; N+1 browsers are started concurrently in a multi-process manner, one piece of account information is used to log in to the target site in each of N browsers, and the visitor identity is used for access in the (N+1)th browser. The target sites in the N+1 browsers are then access-scanned to obtain N+1 scanning results, so that a plurality of account information scans the permission interfaces simultaneously, which improves the scanning efficiency and hence the vulnerability scanning efficiency. Meanwhile, the multi-process isolation mode guarantees the accuracy of the scanning result of each account information and avoids confusion of scanning results caused by caching, which improves the accuracy of the scanning results and the completeness of vulnerability scanning. Finally, the N+1 scanning results are summarized and analysed to obtain the permission interface corresponding to each account information and the permission interface corresponding to the visitor identity, and whether each permission interface has an override vulnerability is judged by cross scanning. This avoids testing the permission interfaces of a single account one after another, which is slow and inaccurate, and improves the vulnerability scanning efficiency.
In some optional implementations of this embodiment, in step S202, starting N+1 browsers concurrently in a multi-process manner and driving each browser to jump to the target site includes:
starting N+1 browsers through process isolation in a multi-process mode, so that each browser runs in an independent process;
after the N+1 browsers are detected to have finished starting, driving each browser to jump to the target site by means of a preset script.
Specifically, in the multi-process mode, N+1 processes are created and a browser is started in each process; a virtual container is set up for each process and a virtual address space in which the browser runs is generated to achieve process isolation, so that each browser has a different virtual address and the data of one browser cannot be written into the data of another browser. The browsers can then execute scanning simultaneously without concern about data allocation and write errors, which improves the efficiency and accuracy of the subsequent scanning. After the N+1 browsers are detected to have finished starting, each browser is driven to jump to the target site by a preset script.
The preset script can be set according to actual needs through a script language, and is not limited herein.
In this embodiment, a multi-process manner is adopted, and multiple browsers are started concurrently, so that access information in each browser is not interfered with each other, which is beneficial to improving accuracy of subsequent access scanning, and meanwhile, authority interface scanning corresponding to multiple account information is performed simultaneously, which is also beneficial to improving scanning efficiency.
In some optional implementations of this embodiment, in step S203, logging in account information on the target site corresponding to each browser, and accessing with the visitor identity on the target site corresponding to the (N+1)th browser, includes:
randomly selecting N browsers from the N+1 browsers, where the N browsers are used as first browsers and the remaining browser is used as the second browser;
logging in account information on a target site of each first browser through a preset login script;
after each account information login is successful, accessing the target site;
and executing access operation to the target site in the second browser by adopting the identity of the visitor.
In this embodiment, when detecting override vulnerabilities, the unauthorized access vulnerability, which is one kind of override vulnerability, must also be considered, so access scanning is also performed with the visitor identity in order to determine the permission interface corresponding to the visitor identity.
Specifically, a browser is allocated to each account information; the browsers corresponding to account information are used as first browsers and the remaining browser is used as the second browser. The account information is logged in on each first browser and, after login succeeds, the target site is accessed; in the second browser the target site is accessed with the visitor identity.
The visitor identity is used for accessing the target site, namely, the target site is directly accessed anonymously without logging in through account information.
The preset login script refers to an application script written in a scripting language that logs in either by a POST-based login or by a simulated login; the specific scripting language and login method can be chosen according to actual requirements and are not limited here.
In this embodiment, by using account information and the identity of the visitor, access to the target site is constructed, so that the access path is scanned in the following process, and the permission interfaces corresponding to different account information and the permission interfaces corresponding to the identity of the visitor are obtained.
In some optional implementations of this embodiment, in step S204, performing access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results includes:
for each browser, collecting the effective addresses contained in the target site by means of a vulnerability-scanning dynamic crawler;
and accessing the effective address, determining the authority relationship between the account information of the login target site and the effective address, and obtaining a scanning result.
Specifically, a vulnerability-scanning dynamic crawler is used to crawl the URLs of the target site in each browser. Newly discovered URLs are monitored by hooking browser functions such as window and EventSource, and the two timer functions setTimeout and setInterval are accelerated by shortening their time intervals, so that as many event registrations, back-end redirections and the like as possible are collected. All link addresses related to permissions are obtained and taken as effective addresses; the permission status of each effective address is analysed, and the effective addresses that can be accessed only with account information are determined to be effective addresses having a permission relationship with that account information and are taken as the scanning result.
The vulnerability-scanning dynamic crawler is a dynamic crawler used for vulnerability scanning.
Wherein the rights relation includes, but is not limited to: all rights, editable rights, access only rights, and access prohibited, etc.
In this embodiment, an effective address is obtained by crawling and performing authority analysis on the links of the target sites in each browser, and the authority relationship between the account information and the corresponding effective address, or the authority relationship between the identity of the visitor and the corresponding effective address is determined.
In some optional implementations of the present embodiment, the override vulnerability is a parallel override vulnerability, and in step S205, determining whether an override vulnerability exists in each rights interface by means of cross scanning includes:
acquiring first account information and second account information from an account information set, wherein the first account information comprises a first user identity identifier, the second account information comprises a second user identity identifier, and the first user identity identifier and the second user identity identifier have the same authority level;
modifying the first user identity identifier contained in the address of the permission interface corresponding to the first account information into the second user identity identifier, to obtain a new address that serves as the test address of the permission interface;
and accessing the test address of the permission interface using the second account information; if the access succeeds, confirming that the permission interface corresponding to the first account information has a parallel override vulnerability.
Specifically, each permission interface corresponding to account information has an access address; for example, the access address of one permission interface is http://test.abc.com/addr.php?id=1234, where 1234 is the user identity identifier in the account information. The user identity identifier is recognized automatically and replaced with the user identity identifier of an account at the same permission level for access; if the access succeeds, an override vulnerability exists.
The user identity is content for uniquely identifying the user identity in the account information, and may be specifically set according to actual requirements, for example, in a specific embodiment, a user mobile phone number in the account information is used as the user identity.
When the override vulnerability is detected on the authority interface corresponding to the first account information, the second account information is the account information with the same authority level, and in the actual override vulnerability test process, for the parallel override vulnerability detection, one account information with the same authority level as the account information is selected as the second account information, so that multiple detection is not required, the test time is saved, and the efficiency is improved.
In this embodiment, whether the permission interface of each account information has an override vulnerability is detected in a cross scanning manner, which is favorable for improving the detection efficiency and accuracy of the override vulnerability.
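To make the summary analysis and cross scanning of steps S204 and S205 concrete, here is an added Python example that is not part of the patent. The N+1 browsers and the crawler are replaced by a constructed in-memory site model whose enforce_* flags are hypothetical defects; the account names, identifiers and URLs (getbase, userinfo.php, admin.php) follow the page's own examples, and the block goes beyond the parallel case of the claims by also reporting the vertical and unauthorized-access cases. For the parallel case with an identifier in the URL it follows the userinfo.php illustration (the first account's session requesting the address with the second account's identifier); for an owner-only URL such as getbase it follows the getbase illustration (the second account's session requesting the address directly).

```python
# Added example: cross-scan for override vulnerabilities over a constructed in-memory site model.
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

VISITOR = "visitor"  # the (N+1)th, anonymous identity


@dataclass(frozen=True)
class Account:
    name: str
    uid: str    # user identity identifier carried in URLs (the page's example: a phone number)
    level: int  # permission level: 1 = ordinary account, 2 = high-permission account


# Constructed account information set (N = 3): two ordinary accounts and one admin.
ACCOUNTS = [Account("A", "1234", 1), Account("B", "5678", 1), Account("admin", "9999", 2)]


@dataclass
class ConstructedSite:
    """Toy target site standing in for the N+1 browsers: links_for() is what the crawler
    sees in the UI for a session, request() is what the server really enforces."""
    enforce_login: bool = True     # False: userinfo.php readable without logging in
    enforce_userinfo: bool = True  # False: any logged-in account can read any name=
    enforce_getbase: bool = True   # False: getbase is not restricted to account A
    enforce_admin: bool = True     # False: admin.php is served to low-level accounts

    def links_for(self, account):
        """URLs the UI links to for this identity (None = visitor)."""
        links = {"/public"}
        if account is None:
            return links
        links.add(f"/userinfo.php?name={account.uid}")
        if account.name == "A":  # getbase is meant for account A only
            links.add("/getbase")
        if account.level >= 2:
            links.add("/admin.php")
        return links

    def request(self, url, account):
        """True if the server serves url to this identity (None = visitor)."""
        parts = urlsplit(url)
        if parts.path == "/public":
            return True
        if account is None:
            return parts.path == "/userinfo.php" and not self.enforce_login
        if parts.path == "/userinfo.php":
            return not self.enforce_userinfo or parse_qs(parts.query).get("name") == [account.uid]
        if parts.path == "/getbase":
            return not self.enforce_getbase or account.name == "A"
        if parts.path == "/admin.php":
            return not self.enforce_admin or account.level >= 2
        return False


def scan(site, accounts):
    """Step S204: one scan result per identity, N accounts plus the visitor."""
    results = {acc.name: site.links_for(acc) for acc in accounts}
    results[VISITOR] = site.links_for(None)
    return results


def permission_interfaces(results):
    """Summary analysis: URLs the visitor sees are public; every other crawled URL is a
    permission interface, mapped to the accounts that were linked to it."""
    public, owners = results[VISITOR], {}
    for ident, urls in results.items():
        if ident != VISITOR:
            for url in urls - public:
                owners.setdefault(url, set()).add(ident)
    return owners


def swap_uid(url, old_uid, new_uid):
    """Rewrite the user identity identifier in the query string; None if it is absent."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)
    if not any(old_uid in vals for vals in qs.values()):
        return None
    qs = {k: [new_uid if v == old_uid else v for v in vals] for k, vals in qs.items()}
    return urlunsplit(parts._replace(query=urlencode(qs, doseq=True)))


def cross_scan(site, accounts, results):
    """Step S205: probe each permission interface with identities that were not linked
    to it; returns sorted (kind, interface, identity) findings."""
    by_name = {acc.name: acc for acc in accounts}
    findings = set()
    for url, owner_names in permission_interfaces(results).items():
        owner = by_name[min(owner_names)]
        if site.request(url, None):  # visitor reaches a non-public interface
            findings.add(("unauthorized_access", url, VISITOR))
        for acc in (a for a in accounts if a.name not in owner_names):
            if acc.level == owner.level:
                # Parallel: owner's session with the other identifier (userinfo.php), else
                # the other account's session on the owner-only URL (getbase).
                test_url = swap_uid(url, owner.uid, acc.uid)
                hit = site.request(test_url, owner) if test_url else site.request(url, acc)
                if hit:
                    findings.add(("parallel_override", url, acc.name))
            elif acc.level < owner.level and site.request(url, acc):
                findings.add(("vertical_override", url, acc.name))
    return sorted(findings)


def audit(site, accounts=ACCOUNTS):
    return cross_scan(site, accounts, scan(site, accounts))
```

audit(ConstructedSite()) returns an empty list for the fully enforced site, while audit(ConstructedSite(False, False, False, False)) lists ten findings across the three kinds; a crawler alone would report nothing in either case, because the UI never links an account to another account's addresses.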
It should be understood that the sequence numbers of the steps in the foregoing embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not limit the implementation of the embodiments of the present invention.
Fig. 3 shows a schematic block diagram of an override vulnerability detection apparatus in one-to-one correspondence with the override vulnerability detection method of the above embodiment. As shown in fig. 3, the unauthorized vulnerability detection apparatus includes a data acquisition module 31, a process start module 32, a login module 33, a scan module 34, and an unauthorized vulnerability analysis module 35. The functional modules are described in detail as follows:
the data acquisition module 31 is configured to acquire an account information set, where the account information set includes N pieces of account information, and N is a positive integer;
the process starting module 32 is configured to start N+1 browsers concurrently in a multi-process manner, and drive each browser to jump to the target site;
a login module 33, configured to log in account information on the target site corresponding to each browser, and to access the target site corresponding to the (N+1)th browser with the visitor identity;
the scanning module 34 is configured to access and scan the target sites in the N+1 browsers to obtain N+1 scanning results;
and the override vulnerability analysis module 35 is configured to perform summary analysis on the N+1 scanning results to obtain the permission interface corresponding to each account information and the permission interface corresponding to the visitor identity, and to determine whether an override vulnerability exists in each permission interface by cross scanning.
Further, the process start module 32 includes:
the browser parallel starting unit is used for starting N+1 browsers through process isolation in a multi-process mode so that each browser runs in an independent process;
and the website jumping unit is used for driving each browser to jump to the target website by adopting a preset script after detecting that the N+1 browsers are started.
Further, the login module 33 includes:
the browser selecting unit is used for randomly selecting N browsers from the N+1 browsers, wherein the N browsers are used as first browsers, and the rest one browser is used as second browser;
the account login unit is used for logging in one account information on the target site of each first browser through a preset login script;
The account access unit is used for accessing the target site after each account information is successfully logged in;
and the visitor access unit is used for executing access operation on the target site in the second browser by adopting the visitor identity.
Further, the scanning module 34 includes:
the address crawling unit is used for collecting, for each browser, the effective addresses contained in the target site by means of a vulnerability-scanning dynamic crawler;
and the relation analysis unit is used for accessing the effective address, determining the authority relation between the account information of the login target site and the effective address, and obtaining a scanning result.
Further, the override vulnerability is a parallel override vulnerability, and the override vulnerability analysis module 35 includes:
the account selection unit is used for acquiring first account information and second account information from the account information set, wherein the first account information comprises a first user identity identifier, the second account information comprises a second user identity identifier, and the first user identity identifier and the second user identity identifier have the same authority level;
the address determining unit is used for modifying a first identity identifier contained in the address of the authority interface corresponding to the first account information into a second user identity identifier to obtain a new address, and taking the new address as a test address of the authority interface;
And the test unit is used for accessing the test address of the authority interface by using the second account information, and if the access is successful, confirming that the parallel override vulnerability exists in the authority interface corresponding to the first account information.
For specific limitations of the override vulnerability detection apparatus, reference may be made to the limitations of the override vulnerability detection method above, which are not repeated here. The modules of the override vulnerability detection apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in hardware or be independent of the processor in the computer device, or may be stored as software in the memory of the computer device so that the processor can call and execute the operations corresponding to the modules.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 4, fig. 4 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42 and a network interface 43 communicatively connected to each other via a system bus. It is noted that only a computer device 4 having the components memory 41, processor 42 and network interface 43 is shown in the figure, but it is understood that not all of the illustrated components are required and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device here is a device capable of automatically performing numerical calculations and/or information processing in accordance with predetermined or stored instructions, the hardware of which includes, but is not limited to, microprocessors, application-specific integrated circuits (Application Specific Integrated Circuit, ASIC), field-programmable gate arrays (Field-Programmable Gate Array, FPGA), digital signal processors (Digital Signal Processor, DSP), embedded devices, etc.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the memory 41 may be an internal storage unit of the computer device 4, such as a hard disk or memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash Card or the like provided on the computer device 4. Of course, the memory 41 may also comprise both an internal storage unit of the computer device 4 and an external storage device. In this embodiment, the memory 41 is typically used for storing the operating system and the various application software installed on the computer device 4, such as the program code for controlling electronic files. Further, the memory 41 may be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute a program code stored in the memory 41 or process data, such as a program code for executing control of an electronic file.
The network interface 43 may comprise a wireless network interface or a wired network interface, which network interface 43 is typically used for establishing a communication connection between the computer device 4 and other electronic devices.
The present application also provides another embodiment, namely, a computer readable storage medium, where an interface display program is stored, where the interface display program is executable by at least one processor, so that the at least one processor performs the steps of the method for detecting an override vulnerability as described above.
The blockchain is a novel application mode of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralised database: a chain of data blocks linked by cryptographic means, each block containing a batch of network transaction information used to verify the validity of the information (tamper resistance) and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
It is apparent that the embodiments described above are only some embodiments of the present application, but not all embodiments, the preferred embodiments of the present application are given in the drawings, but not limiting the patent scope of the present application. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a more thorough understanding of the present disclosure. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing, or equivalents may be substituted for elements thereof. All equivalent structures made by the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the protection scope of the application.

Claims (8)

1. A method for detecting override vulnerabilities, characterized by comprising the following steps:
acquiring an account information set, wherein the account information set comprises N pieces of account information, and N is a positive integer;
adopting a multi-process mode to concurrently start N+1 browsers, and driving each browser to jump to a target site;
logging in one account information on the target site corresponding to each browser, and accessing with a visitor identity on the target site corresponding to the (N+1)th browser, wherein accessing with the visitor identity refers to directly accessing the target site anonymously without logging in with account information;
performing access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results, wherein each scanning result comprises the account information and the corresponding accessible permission interface information, or the accessible permission interface information corresponding to the visitor;
summarizing and analyzing the N+1 scanning results to obtain a right interface corresponding to each account information and a right interface corresponding to the identity of a visitor, and judging whether each right interface has an override vulnerability or not in a cross scanning mode, wherein cross scanning refers to adopting account information with different rights for each right interface, logging in and accessing the right interface which does not have the rights of each right interface, so as to judge whether the access right setting of each right interface is reasonable or not;
the override vulnerabilities comprise parallel override vulnerabilities, vertical override vulnerabilities and unauthorized access vulnerabilities, wherein a parallel override vulnerability refers to override between accounts of the same level, a vertical override vulnerability refers to a permission vulnerability in which a low-level account can access an interface that only a high-level account should be able to access, and an unauthorized access vulnerability refers to information that should be queryable only after logging in being accessible without logging in;
when detecting the unauthorized access vulnerability, the visitor identity is used for access scanning so as to determine the permission interface corresponding to the visitor identity, and it is judged whether reasonable permission control is set for the permission interface corresponding to the visitor identity;
logging in one account information on the target site corresponding to each browser, and accessing with the visitor identity on the target site corresponding to the (N+1)th browser, comprises:
randomly selecting N browsers from the N+1 browsers, wherein the N browsers are used as a first browser, and the rest one browser is used as a second browser;
logging in one account information on a target site of each first browser through a preset login script;
after each account information is successfully logged in, accessing the target site;
And executing access operation to the target site in the second browser by adopting the identity of the visitor.
2. The method of claim 1, wherein concurrently starting N+1 browsers in a multi-process manner and driving each browser to jump to a target site comprises:
starting N+1 browsers through process isolation in a multi-process mode, so that each browser runs in an independent process;
and after detecting that the N+1 browsers have started, driving each browser to jump to the target site by means of a preset script.
3. The method for detecting override vulnerabilities according to claim 1, wherein performing access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results comprises:
for each browser, collecting the effective addresses contained in the target site by means of a vulnerability-scanning dynamic crawler;
and accessing the effective address, and determining the authority relationship between the account information of the login target site and the effective address to obtain a scanning result.
4. The method for detecting override vulnerabilities according to claim 1, wherein the override vulnerability is a parallel override vulnerability, and determining whether each permission interface has an override vulnerability by cross scanning comprises:
acquiring first account information and second account information from the account information set, wherein the first account information comprises a first user identity identifier, the second account information comprises a second user identity identifier, and the first user identity identifier and the second user identity identifier have the same permission level;
modifying a first identity identifier contained in an address of a permission interface corresponding to the first account information into a second user identity identifier to obtain a new address, and taking the new address as a test address of the permission interface;
and accessing the test address of the authority interface by using the second account information, and if the access is successful, confirming that the parallel override vulnerability exists in the authority interface corresponding to the first account information.
5. An override vulnerability detection device, characterized in that the override vulnerability detection device comprises:
the system comprises a data acquisition module, a data processing module and a data processing module, wherein the data acquisition module is used for acquiring an account information set, the account information set comprises N pieces of account information, and N is a positive integer;
the process starting module is used for starting N+1 browsers in a multi-process mode and driving each browser to jump to a target site;
the login module is used for logging in one account information on the target site corresponding to each browser, and for accessing with a visitor identity on the target site corresponding to the (N+1)th browser, wherein accessing with the visitor identity refers to directly accessing the target site anonymously without logging in with account information;
the scanning module is used for performing access scanning on the target sites in the N+1 browsers to obtain N+1 scanning results, wherein each scanning result comprises the account information and the corresponding accessible permission interface information, or the accessible permission interface information corresponding to the visitor;
the override vulnerability analysis module is used for summarizing and analyzing N+1 scanning results to obtain a permission interface corresponding to each account information and a permission interface corresponding to the identity of a visitor, and judging whether each permission interface has override vulnerabilities or not in a cross scanning mode, wherein cross scanning refers to adopting account information with different permissions for each permission interface, logging in and accessing the permission interface without the permission of each permission interface, so as to judge whether the access permission setting of each permission interface is reasonable or not;
the override vulnerabilities comprise parallel override vulnerabilities, vertical override vulnerabilities and unauthorized access vulnerabilities, wherein a parallel override vulnerability refers to override between accounts of the same level, a vertical override vulnerability refers to a permission vulnerability in which a low-level account can access an interface that only a high-level account should be able to access, and an unauthorized access vulnerability refers to information that should be queryable only after logging in being accessible without logging in;
when detecting the unauthorized access vulnerability, the visitor identity is used for access scanning so as to determine the permission interface corresponding to the visitor identity, and it is judged whether reasonable permission control is set for the permission interface corresponding to the visitor identity;
logging in one account information on the target site corresponding to each browser, and accessing with the visitor identity on the target site corresponding to the (N+1)th browser, comprises:
randomly selecting N browsers from the N+1 browsers, wherein the N browsers are used as a first browser, and the rest one browser is used as a second browser;
logging in one account information on a target site of each first browser through a preset login script;
after each account information is successfully logged in, accessing the target site;
and executing access operation to the target site in the second browser by adopting the identity of the visitor.
6. The override vulnerability detection apparatus of claim 5, wherein the process starting module comprises:
the browser parallel starting unit is used for starting N+1 browsers through process isolation in a multi-process mode so that each browser runs in an independent process;
And the website jumping unit is used for driving each browser to jump to a target website by adopting a preset script after detecting that the N+1 browsers are started.
7. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the method of override vulnerability detection according to any one of claims 1 to 4 when executing the computer program.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the method of override vulnerability detection of any one of claims 1 to 4.
CN202010364766.3A 2020-04-30 2020-04-30 Unauthorized vulnerability detection method, device, computer equipment and medium Active CN111683047B (en)
Publications (2)

Publication Number Publication Date
CN111683047A CN111683047A (en) 2020-09-18
CN111683047B true CN111683047B (en) 2023-05-30

Family

ID=72452428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010364766.3A Active CN111683047B (en) 2020-04-30 2020-04-30 Unauthorized vulnerability detection method, device, computer equipment and medium

Country Status (1)

Country Link
CN (1) CN111683047B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112653674B (en) * 2020-12-10 2023-01-10 奇安信网神信息技术(北京)股份有限公司 Interface security detection method and device, electronic equipment and storage medium
CN112651029B (en) * 2021-01-08 2024-04-02 长沙树根互联技术有限公司 System and method for detecting application system loopholes, storage medium and electronic equipment
CN112799952A (en) * 2021-02-04 2021-05-14 上海云轴信息科技有限公司 Method and equipment for automatically testing cloud platform account system authority
CN113259327A (en) * 2021-04-20 2021-08-13 长沙市到家悠享网络科技有限公司 Automatic interface detection method, system and computer equipment
CN113239397A (en) * 2021-05-11 2021-08-10 鸬鹚科技(深圳)有限公司 Information access method, device, computer equipment and medium
CN113360417B (en) * 2021-07-27 2024-08-02 中国工商银行股份有限公司 Test method, session modifier, electronic device and medium
CN115604000B (en) * 2022-10-12 2023-11-21 中国电信股份有限公司 Override detection method, device, equipment and storage medium

Citations (5)

Publication number Priority date Publication date Assignee Title
US6574737B1 (en) * 1998-12-23 2003-06-03 Symantec Corporation System for penetrating computer or computer network
CN105306414A (en) * 2014-06-13 2016-02-03 腾讯科技(深圳)有限公司 Port vulnerability detection method, device and system
CN107566537A (en) * 2017-10-30 2018-01-09 郑州云海信息技术有限公司 Semi-automatic detection method and system for vertical unauthorized-access vulnerabilities in web applications
CN108696490A (en) * 2017-04-11 2018-10-23 腾讯科技(深圳)有限公司 Account permission identification method and device
CN110225031A (en) * 2019-06-06 2019-09-10 深圳开源互联网安全技术有限公司 Dynamic permission vulnerability detection method, system, device and readable storage medium

Non-Patent Citations (1)

Title
基于状态机的移动应用越权访问漏洞检测方法 (State-machine-based detection method for unauthorized-access vulnerabilities in mobile applications); 姜海涛; 郭雅娟; 陈昊; 郭静; 周超; 徐建; 南京理工大学学报 (Journal of Nanjing University of Science and Technology) (04); full text *

Also Published As

Publication number Publication date
CN111683047A (en) 2020-09-18

Similar Documents

Publication Publication Date Title
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
US10740411B2 (en) Determining repeat website users via browser uniqueness tracking
CN107209830B (en) Method for identifying and resisting network attack
Nikiforakis et al. You are what you include: large-scale evaluation of remote javascript inclusions
CN111416811B (en) Unauthorized vulnerability detection method, system, equipment and storage medium
CN103843004B (en) Device customizes white list
CN1914881B (en) Method and system for authorizing for grid download operation in grid computing system
EP3368973A1 (en) Multi-layer computer security countermeasures
US10614208B1 (en) Management of login information affected by a data breach
US20190222587A1 (en) System and method for detection of attacks in a computer network using deception elements
CN113239397A (en) Information access method, device, computer equipment and medium
CN107332804B (en) Method and device for detecting webpage bugs
CN110708335A (en) Access authentication method and device and terminal equipment
US20180302437A1 (en) Methods of identifying and counteracting internet attacks
US20230015670A1 (en) Distributed system for autonomous discovery and exploitation of an organization's computing and/or human resources to evaluate capacity and/or ability to detect, respond to, and mitigate effectiveness of intrusion attempts by, and reconnaissance efforts of, motivated, antagonistic, third parties
CN112528295A (en) Vulnerability repairing method and device of industrial control system
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
CN112118238A (en) Method, device, system, equipment and storage medium for authentication login
US10803164B2 (en) Validating sign-out implementation for identity federation
CN115242608B (en) Alarm information generation method, device, equipment and storage medium
CN109714371B (en) Industrial control network safety detection system
CN111651766B (en) Method and device for testing unauthorized access
CN117473542A (en) Service data access method, device, equipment and storage medium
CN113507440A (en) Zero rule XSS attack detection method based on web application operation
CN110971606A (en) Construction method and application method of HACCP (Hadoop distributed control protocol) security system in Web application development

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant