CN113961927A - Secondary injection vulnerability detection method, device, equipment and storage medium - Google Patents

Publication number: CN113961927A
Application number: CN202111092799.8A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 杨磊, 张何钫
Current Assignee: Shanghai Junzheng Network Technology Co Ltd
Original Assignee: Shanghai Junzheng Network Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a secondary injection vulnerability detection method, device, equipment and storage medium. The detection method comprises: sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character; judging whether the payload is written into the database corresponding to the program to be detected; in the case that the payload is written into the database, detecting whether the payload written into the database is executed; and in the case that the payload written into the database is detected to be executed, determining that the program to be detected has a secondary injection vulnerability. The invention first judges whether the payload containing the escape character is written into the database and then judges whether that payload is executed; combining the two judgments determines whether the program to be detected has a secondary injection vulnerability, so that secondary injection vulnerabilities are detected accurately.

Description

Secondary injection vulnerability detection method, device, equipment and storage medium
Technical Field
The invention relates to the field of information security, in particular to a secondary injection vulnerability detection method, a device, equipment and a storage medium.
Background
SQL secondary injection refers to injection caused when user input that has already been stored (in a database or a file) is read back and enters an SQL query statement again. Usually the program escapes certain important keywords in its input, but a statement the user has constructed is still written into the database and can later be used in places where it is not escaped. In a secondary injection, each individual injection may not constitute a vulnerability, but used together they may result in an injection.
At present, black box scanners work well on ordinary SQL injection, because the request carries a payload for checking SQL injection and the returned result can be analyzed to decide whether SQL injection exists. A black box scanner is a program that automatically detects security weaknesses of a local or remote host; it can quickly and accurately find the vulnerabilities of the scanned target and provide the scan results to the user. Its working principle is that the scanner sends data packets to the target computer and then infers sensitive information, such as the type of operating system, the open ports and the services provided, from the information the target returns.
The black box scanner detects ordinary SQL injection well but cannot achieve the expected detection effect on SQL secondary injection. With secondary injection, the result of the first request does not reveal whether SQL injection exists, and, worse, the point at which the second request joins the first cannot be confirmed.
Therefore, it is desirable to provide a detection scheme capable of effectively detecting the secondary injection.
Disclosure of Invention
In view of the above-mentioned defects in the prior art, the technical problem to be solved by the present invention is that the prior art detects secondary injection vulnerabilities poorly.
In order to achieve the above object, the present invention provides a secondary injection vulnerability detection method, which includes: sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character; judging whether the payload is written into the database corresponding to the program to be detected; in the case that the payload is written into the database, detecting whether the payload written into the database is executed; and in the case that the payload written into the database is detected to be executed, determining that the program to be detected has a secondary injection vulnerability.
In a preferred embodiment of the present invention, the detecting whether the payload written into the database is executed includes: detecting the SQL statements executed by the program to be detected; judging whether a target statement containing the payload exists among the SQL statements, wherein the target statement is a malicious statement constructed by using the escape character contained in the payload in the database; and when a target statement containing the payload is judged to exist among the SQL statements, determining that the payload is executed.
In a preferred embodiment of the present invention, the judging whether the payload is written into the database corresponding to the program to be detected includes: searching the database for the presence of the payload using a data probe; in the case that the payload is found, acquiring the payload generated by a scanner by using the data probe; judging whether the payload stored in the database is the same as the payload generated by the scanner; and in the case that the payload stored in the database is judged to be the same as the payload generated by the scanner, determining that the payload is written into the database corresponding to the program to be detected.
In a preferred embodiment of the present invention, after determining that the payload is written into the database corresponding to the program to be detected, the method further includes: the data probe records the payload.
In a preferred embodiment of the present invention, the detecting whether the payload written into the database is executed includes: the data probe detects whether the recorded payload is executed; and in the case that the recorded payload is executed, determining that the payload written into the database is executed.
In a preferred embodiment of the present invention, before sending the request for writing the payload into the database to the program to be detected, the method further includes: generating, by a scanner, a keyword used to identify the payload; and constructing a malicious statement containing the escape character and adding the keyword after the character to generate the payload.
In a preferred embodiment of the present invention, the searching the database for the presence of the payload using a data probe includes: acquiring the keyword from the scanner by using the data probe, and searching whether the keyword exists in the database; and determining that the payload exists in the database if the keyword is found.
In order to achieve the above object, the present invention further provides a secondary injection vulnerability detection apparatus, including: a sending module, configured to send, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character; a judging module, configured to judge whether the payload is written into the database corresponding to the program to be detected; a detection module, configured to detect whether the payload written into the database is executed in the case that the payload is written into the database; and a determining module, configured to determine that the program to be detected has a secondary injection vulnerability in the case that the payload written into the database is detected to be executed.
To achieve the above object, the present invention also provides a computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to perform the secondary injection vulnerability detection method as described above.
In order to achieve the above object, the present invention further provides a computer-readable storage medium storing computer instructions for causing a computer to execute the secondary injection vulnerability detection method as described above.
The device or the method provided by the invention has the following technical effects:
1. A malicious statement containing an escape character is sent to the program to be detected as a payload and written into the database; after it is determined that the payload has been written into the database, whether the payload is executed is detected, and if the payload is executed, a secondary injection vulnerability exists in the program to be detected. The invention first judges whether the payload containing the escape character is written into the database and then judges whether that payload is executed; combining the two judgments determines whether the program to be detected has a secondary injection vulnerability, so that secondary injection vulnerabilities are detected accurately.
2. By detecting the SQL statements and judging whether they contain the target statement, secondary injection is identified and comprehensive secondary injection detection is achieved.
3. Using a keyword makes the payload easier to identify, which improves the efficiency of judging whether the payload has been written and also improves the efficiency of identifying the target statement among the executed statements.
The conception, the specific structure and the technical effects of the present invention will be further described with reference to the accompanying drawings to fully understand the objects, the features and the effects of the present invention.
Drawings
FIG. 1 is a flow chart of a secondary injection vulnerability detection method according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of a secondary injection vulnerability detection apparatus according to a preferred embodiment of the present invention;
FIG. 3 is an internal structural diagram of a computer device provided in an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the drawings only show the components related to the present invention rather than the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
Some exemplary embodiments of the invention have been described for illustrative purposes, and it is to be understood that the invention may be practiced otherwise than as specifically described.
An embodiment of the invention provides a secondary injection vulnerability detection method, mainly used for detecting SQL secondary injection vulnerabilities. Like ordinary injection, secondary injection is a program vulnerability. It occurs when a value submitted by a user is stored in a database and is then used by some other function of the application without the data being escaped or filtered. To prevent SQL injection attacks, some data entering the application is escaped, but the same data is later reused in a query in unescaped form.
Secondary injection can be summarized in two steps. In the first step, malicious data is inserted: when the data is inserted into the database its special characters are escaped, and the original data is preserved when it is written into the database. In the second step, the malicious data is referenced: developers assume by default that data stored in the database is safe, so when the data is queried the malicious data is taken directly from the database without further checking.
Because of these characteristics of the secondary injection vulnerability, existing methods, which mainly examine the payload and the returned result, have difficulty detecting it. Therefore, an embodiment of the present invention provides a secondary injection vulnerability detection method for detecting whether a secondary injection vulnerability exists in a program to be detected. When the program to be detected is determined to have a secondary injection vulnerability, corresponding protective measures can be taken.
As shown in fig. 1, the secondary injection vulnerability detection method includes:
Step S101, sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character.
The program to be detected may be a piece of software, a website, or the like, and it has a corresponding database for storing data. For example, a web portal allows a user to register an account, log in, and then use resources within the portal. An injection risk can arise here; secondary injection usually takes tampering with the password of a user's account as its attack target.
A malicious statement with an escape character usually refers to data that is stored in the database but contains an escape character and a fragment that an attacker can make use of, for example admin'# or admin' or 1=1#, where # is interpreted as the start of a comment, so that whatever follows # in the statement is invalidated. If such data is combined with other specially crafted statements, an attack can be carried out, which is a security risk. In secondary injection the payload is usually a name edited into such a malicious statement, that is, the payload is admin'# or admin' or 1=1#, and during the first injection it can be written by a request into the database of the program to be detected as the name of a registered account. The payload is a malicious statement containing an escape character, but because it is written into the database as a whole (for example admin'# or admin' or 1=1#) at the first injection, the payload itself is not an executed statement. Ordinary vulnerability detection therefore cannot identify from this request whether an injection vulnerability exists; the payload only takes effect together with the statement of the second injection.
In this embodiment, a write request carrying a malicious statement containing an escape character as the payload is sent to the program to be detected, so that the payload is written into the database, where it can be called and used by the subsequent attack.
Step S102, judging whether the payload is written into the database corresponding to the program to be detected.
In the embodiment of the invention, when the request for writing the payload is sent to the program to be detected, the program is under secondary injection vulnerability detection, so whether the payload was successfully written into the database can be judged. If the write succeeded, the program to be detected may be attacked by the subsequent second injection. If the payload was not written, the program to be detected has a defence against such malicious statements that prevents similar statements from being written.
Taking the payload admin'# as an example, a user registration request is first sent to an APP (corresponding to the program to be detected) with the user name edited as admin'#, that is, admin'# is the payload carried by the request. After receiving the request, if the registration succeeds, the APP stores the user name admin'# in the corresponding database; this user name may later be used in a secondary injection attack in which the password of the user admin is modified. Therefore, in the embodiment of the present invention, it is judged whether the payload containing the escape character is written into the database, and when the payload is determined to have been written, it is concluded that an attack by secondary injection is possible, that is, there is a suspected secondary injection vulnerability.
Step S103, in the case that the payload is written into the database, detecting whether the payload written into the database is executed. Conversely, if the payload is not written into the database, this may indicate that the program to be detected has better security protection.
Where the payload has been successfully written into the database, this embodiment further detects whether the payload written into the database is executed. If the malicious statement, that is, the payload, is not executed (not treated as an executed statement), no intrusion occurs; only when it is executed as a statement does it take effect. In an embodiment of the present invention, once it is determined that the payload has been written into the database, the second stage of judgment is carried out, namely detecting whether the payload is executed. Since the database keeps corresponding records when it executes statements, the executed statements can be detected by, for example, a data probe, in particular a database probe.
Step S104, in the case that the payload written into the database is detected to be executed, determining that the program to be detected has a secondary injection vulnerability.
In this embodiment, when the payload is detected to be executed, it can be concluded that the payload was handled not as an object to be processed but as an executed statement, which indicates that a secondary injection vulnerability exists.
The above steps can be carried out by a scanner and a data probe together; for example, the scanner performs step S101 and the data probe performs steps S102 to S104.
According to the embodiment of the invention, a malicious statement containing an escape character is sent to the program to be detected as a payload and written into the database; after it is determined that the payload has been written into the database, whether the payload is executed is detected, and if the payload is executed, the program to be detected has a secondary injection vulnerability. The invention first judges whether the payload containing the escape character is written into the database and then judges whether that payload is executed; combining the two judgments determines whether the program to be detected has a secondary injection vulnerability, so that secondary injection vulnerabilities are detected accurately.
As an optional implementation, in an embodiment of the present invention, the detecting whether the payload written into the database is executed includes: detecting the SQL statements executed by the program to be detected; judging whether a target statement containing the payload exists among the SQL statements, wherein the target statement is a malicious statement constructed by using the escape character contained in the payload in the database; and when a target statement containing the payload is judged to exist among the SQL statements, determining that the payload is executed.
In the embodiment of the present invention, the SQL statements may be all statements executed after it is determined that the payload has been written into the database. Alternatively, a corresponding request can be edited by the scanner and sent to the program to be detected; that request may carry the target statement. The target statement is a malicious statement constructed by using the escape character contained in the payload in the database. Taking the payload admin'# as an example, the target statement may be "update users set password='admin' where username='admin'#key1' and password='123456789'". If this statement is executed, everything after # is treated as a comment, so the password of the account admin is modified, that is, the secondary injection occurs.
In secondary injection, the second request by itself contains no injection vulnerability; only when it is combined with the first request (the request that writes the payload into the database) is the payload of the first request used, which together with the second request forms a malicious statement and causes the secondary injection when executed. The payload written by the second request differs from that of the first request but is in itself unproblematic, so ordinary injection detection has no effect here. The embodiment of the invention reaches its result through a combined judgment in two stages.
In this embodiment, whether the payload is executed as a statement can be determined by detecting all executed SQL statements. As described above, the database keeps corresponding records, such as the executed statements, when it performs processing. All executed SQL statements can therefore be detected and collected, and it is then judged whether they contain the target statement. If the target statement is included, the secondary injection has occurred.
Alternatively, in the embodiment of the present invention, it may be detected whether an SQL statement contains the payload of the first request; if an SQL statement contains that payload in full, it is determined that secondary injection exists.
In this embodiment, by detecting the SQL statements and judging whether the target statement is included, secondary injection is identified and comprehensive secondary injection detection is achieved.
As an optional implementation, in step S102 of the embodiment of the present invention, the judging whether the payload is written into the database corresponding to the program to be detected includes: searching the database for the presence of the payload using a data probe; in the case that the payload is found, acquiring the payload generated by a scanner by using the data probe; judging whether the payload stored in the database is the same as the payload generated by the scanner; and in the case that the payload stored in the database is judged to be the same as the payload generated by the scanner, determining that the payload is written into the database corresponding to the program to be detected. Further, after it is determined that the payload is written into the database corresponding to the program to be detected, the method further includes: the data probe records the payload.
In the embodiment of the invention, the data probe is used to judge whether the payload has been written into the database, that is, injection detection is carried out at the database layer rather than by examining the payload in the request or the returned result. When a corresponding payload is detected in the database, it is compared with the payload generated by the scanner to judge whether the two are exactly the same; if they are, the payload generated by the scanner has been written into the database.
The scanner described in the above embodiments may be used to generate the payload and the corresponding test request, for example the request described in step S101. In addition, after the scanner generates the payload, it can transmit the payload directly to the data probe, so that the data probe can compare the payload detected in the database with the payload received from the scanner.
In this embodiment, the detected payload is recorded so that it can later be judged whether it is executed. Specifically, the detecting whether the payload written into the database is executed includes: the data probe detects whether the recorded payload is executed; and in the case that the recorded payload is executed, determining that the payload written into the database is executed. That is, if the payload recorded by the data probe is executed, the payload written into the database is executed.
As another optional implementation, in the embodiment of the present invention a keyword is further added to the payload so that the payload can be located quickly and efficiently. Specifically, before sending the request for writing the payload into the database to the program to be detected, the method further includes: generating, by a scanner, a keyword used to identify the payload; and constructing a malicious statement containing the escape character and adding the keyword after the character to generate the payload. After the payload is generated, it is sent to the data probe along with the keyword.
Further, the searching the database for the presence of the payload using a data probe includes: acquiring the keyword from the scanner by using the data probe, and searching whether the keyword exists in the database; and determining that the payload exists in the database if the keyword is found.
For example, the scanner generates a payload with an identifying keyword, such as admin'#key1 in the example. The data probe records the keyword and compares what it finds in the database with the scanner's payload; if they are the same, the malicious statement was successfully inserted into the database. In the example, key1 is found, and the payload admin'#key1 is recorded as a successfully inserted malicious statement.
In the embodiment of the invention, using a keyword makes the payload easier to identify, which improves the efficiency of judging whether the payload has been written and also improves the efficiency of identifying the target statement among the executed statements.
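Steps S101 to S104 together with the keyword embodiment, run end to end against a small constructed application, as an added example that is not code from the patent or its applicant. Assumptions: an in-memory SQLite database stands in for the database of the program to be detected, so the comment marker is SQLite's -- instead of the # used in the text; the DataProbe class, the sample application functions and all other names are hypothetical.

```python
import secrets
import sqlite3


def esc(value):
    """Escaping that the sample app applies to request input only."""
    return value.replace("'", "''")


class DataProbe:
    """Hypothetical database-layer probe: logs the text of every statement
    the app executes, with bound parameters kept separate from the text."""

    def __init__(self, conn):
        self.conn = conn
        self.executed = []

    def execute(self, sql, params=()):
        self.executed.append(sql)
        return self.conn.execute(sql, params)

    def find_stored(self, keyword):
        # S102: search the database for the scanner's keyword.
        return self.conn.execute(
            "SELECT id, username FROM users WHERE instr(username, ?) > 0",
            (keyword,),
        ).fetchone()  # (id, stored value) or None

    def target_statements(self, mark, payload):
        # S103: statements executed after the write was confirmed whose
        # text contains the stored payload verbatim.
        return [sql for sql in self.executed[mark:] if payload in sql]


def register(db, username, password):
    # First request: input is escaped, so the database stores it intact.
    db.execute(
        "INSERT INTO users (username, password) VALUES ('%s', '%s')"
        % (esc(username), esc(password))
    )


def stored_name(db, user_id):
    return db.execute(
        "SELECT username FROM users WHERE id = ?", (user_id,)
    ).fetchone()[0]


def change_password_vulnerable(db, user_id, old, new):
    # Stored data is trusted: the name read back is concatenated as-is.
    db.execute(
        "UPDATE users SET password = '%s' WHERE username = '%s' AND password = '%s'"
        % (esc(new), stored_name(db, user_id), esc(old))
    )


def change_password_fixed(db, user_id, old, new):
    # Stored data is bound as a parameter like any other untrusted value.
    db.execute(
        "UPDATE users SET password = ? WHERE username = ? AND password = ?",
        (new, stored_name(db, user_id), old),
    )


def scan(change_password):
    """Run the two-stage check against one variant of the sample app."""
    conn = sqlite3.connect(":memory:")  # constructed test database
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('admin', 'admin-secret')"
    )
    probe = DataProbe(conn)
    result = {"written": False, "executed": False, "vulnerable": False, "hits": []}

    keyword = "key" + secrets.token_hex(4)   # scanner-generated keyword
    payload = "admin'-- " + keyword          # escape character, then keyword
    register(probe, payload, "pw1")          # S101: first request

    found = probe.find_stored(keyword)       # S102: keyword search, exact compare
    if found is None or found[1] != payload:
        return result
    result["written"] = True
    mark = len(probe.executed)               # only later statements count

    change_password(probe, found[0], "pw1", "pw2")   # second, harmless-looking request
    result["hits"] = probe.target_statements(mark, payload)          # S103
    result["executed"] = result["vulnerable"] = bool(result["hits"])  # S104
    return result


if __name__ == "__main__":
    for variant in (change_password_vulnerable, change_password_fixed):
        print(variant.__name__, scan(variant)["vulnerable"])
```

The payload is stored in both variants, so the write check alone only marks a suspected vulnerability; the verdict comes from whether the stored payload later appears in statement text instead of in a bound parameter.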
An embodiment of the present invention further provides a secondary injection vulnerability detection apparatus, which may be used to execute the secondary injection vulnerability detection method described in fig. 1, as shown in fig. 2, the apparatus includes:
a sending module 201, configured to send a request for writing a payload into a database to a program to be detected, where the payload is a malicious sentence containing an escape character;
a judging module 202, configured to judge whether the payload is written into a database corresponding to the program to be detected;
a detection module 203, configured to detect whether the payload written by the database is executed in a case where the payload is written to the database;
a determining module 204, configured to determine that a secondary injection vulnerability exists in the program to be detected, when it is detected that the payload written to the database is executed.
According to the embodiment of the invention, the malicious sentences containing the escape characters are sent to the program to be detected and written into the database as the effective load, then whether the effective load is executed or not is detected after the effective load is determined to be written into the database, and if the effective load is executed, the program to be detected has secondary injection bugs. The invention judges whether the effective load containing the escape character is written into the database and further judges whether the effective load is executed or not, and judges whether the program to be detected has a secondary injection loophole or not through twice combination, thereby accurately detecting the secondary injection loophole.
In a preferred embodiment of the present invention, the detection module comprises: a first detection unit, configured to detect the SQL statements executed by the program to be detected; a first judging unit, configured to judge whether a target statement containing the payload exists among the SQL statements, where the target statement is a malicious statement constructed by using the escape character contained in the payload in the database; and a first determining unit, configured to determine that the payload is executed when it is judged that the target statement containing the payload exists among the SQL statements.
In a preferred embodiment of the present invention, the judging module includes: a search unit, configured to search the database for the presence of the payload using a data probe; a second judging unit, configured to acquire, by using the data probe, the payload generated by a scanner in a case where the payload is found, and to judge whether the payload stored in the database is the same as the payload generated by the scanner; and a second determining unit, configured to determine that the payload is written into the database corresponding to the program to be detected in a case where the payload stored in the database is judged to be the same as the payload generated by the scanner.
In a preferred embodiment of the present invention, the judging module further includes: a recording unit, by which the data probe records the payload after it is determined that the payload is written into the database corresponding to the program to be detected.
In a preferred embodiment of the present invention, the detection module comprises: a second detection unit, by which the data probe detects whether the recorded payload is executed; and a third determining unit, configured to determine that the payload written into the database is executed in a case where the recorded payload is executed.
In a preferred embodiment of the invention, the apparatus further comprises: a generating module, configured to generate a keyword through a scanner before the request for writing the payload into the database is sent to the program to be detected, where the keyword is used for identifying the payload; and a construction module, configured to construct a malicious statement containing the escape character and to add the keyword after the character so as to generate the payload.
In a preferred embodiment of the present invention, the search unit includes: an obtaining subunit, configured to obtain the keyword from the scanner by using the data probe and to search whether the keyword exists in the database; and a determining subunit, configured to determine that the payload exists in the database when the keyword is found.
For details of the apparatus, refer to the method embodiments above; they are not repeated here.
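The write, confirm and execute checks described above can be sketched as follows. This is an added example, not code from the patent: the `DataProbe` class, the `scan` function, the two-table schema and the harmless marker payload (a single quote followed by a random keyword) are assumptions made for illustration, with an in-memory SQLite database standing in for the database of the program to be detected.

```python
import secrets
import sqlite3

class DataProbe:
    """Hypothetical data probe: wraps the app's DB handle and logs SQL text."""
    def __init__(self, conn):
        self.conn, self.statements, self.recorded = conn, [], None

    def execute(self, sql, params=()):
        self.statements.append(sql)  # statement text only, bound values excluded
        return self.conn.execute(sql, params)

    def payload_written(self, keyword, payload):
        # Search the database by keyword, then compare with the scanner's payload.
        rows = self.conn.execute(
            "SELECT name FROM users WHERE instr(name, ?) > 0", (keyword,)).fetchall()
        if any(row[0] == payload for row in rows):
            self.recorded = payload  # record the payload for the execution check
        return self.recorded is not None

    def payload_executed(self):
        # A target statement carries the recorded payload inside the SQL text.
        return self.recorded is not None and any(
            self.recorded in sql for sql in self.statements)

def register(db, name):
    # Write path of the program under test: bound parameter, stored verbatim.
    return db.execute("INSERT INTO users(name) VALUES (?)", (name,)).lastrowid

def orders_vulnerable(db, user_id):
    name = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]
    try:  # stored value is trusted and concatenated into a new statement
        return db.execute(f"SELECT item FROM orders WHERE owner = '{name}'").fetchall()
    except sqlite3.Error:
        return []

def orders_hardened(db, user_id):
    name = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]
    return db.execute("SELECT item FROM orders WHERE owner = ?", (name,)).fetchall()

def scan(read_back, write=register):
    conn = sqlite3.connect(":memory:")
    conn.executescript("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
                       "CREATE TABLE orders(owner TEXT, item TEXT);")
    probe = DataProbe(conn)
    keyword = "sqli2_" + secrets.token_hex(4)  # scanner-generated keyword
    payload = "scan'" + keyword                # escape character, then keyword
    user_id = write(probe, payload)
    if not probe.payload_written(keyword, payload):
        return False                           # payload never stored intact
    read_back(probe, user_id)
    return probe.payload_executed()
```

`scan(orders_vulnerable)` reports a finding because the stored value reappears in the text of a later statement, while `scan(orders_hardened)` does not because the value only ever travels as a bound parameter.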
In an embodiment of the present invention, a computer device is further provided. The computer device may be the backend server in the foregoing embodiments, and its internal structure may be as shown in Fig. 3. The computer device comprises a processor, a memory and a network interface connected through a system bus, and may also comprise a display screen and an input device. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external computer device through a network connection. The computer program, when executed by the processor, implements the secondary injection vulnerability detection method. The display screen may be a liquid crystal display screen or an electronic ink display screen, and the input device may be a touch layer covering the display screen, or a key, a trackball or a touchpad arranged on the housing of the computer device.
Alternatively, the computer device may not include a display screen and an input device. Those skilled in the art will understand that the structure shown in Fig. 3 is only a block diagram of the part of the structure related to the present application and does not limit the computer device to which the present application is applied; a specific computer device may include more or fewer components than those shown in the figure, combine some components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to perform the steps of:
sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character;
judging whether the payload is written into the database corresponding to the program to be detected;
detecting, in a case where the payload is written into the database, whether the payload written into the database is executed;
and determining that the program to be detected has a secondary injection vulnerability in a case where it is detected that the payload written into the database is executed.
In one embodiment, a computer-readable storage medium is provided, the computer-readable storage medium having stored thereon computer instructions for causing a computer to perform:
sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character;
judging whether the payload is written into the database corresponding to the program to be detected;
detecting, in a case where the payload is written into the database, whether the payload written into the database is executed;
and determining that the program to be detected has a secondary injection vulnerability in a case where it is detected that the payload written into the database is executed.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but it should not be construed as limiting the scope of the present application. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (10)

1. A secondary injection vulnerability detection method, characterized by comprising the following steps:
sending, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character;
judging whether the payload is written into the database corresponding to the program to be detected;
detecting, in a case where the payload is written into the database, whether the payload written into the database is executed;
and determining that the program to be detected has a secondary injection vulnerability in a case where it is detected that the payload written into the database is executed.
2. The secondary injection vulnerability detection method of claim 1, wherein the detecting whether the payload written into the database is executed comprises:
detecting the SQL statements executed by the program to be detected;
judging whether a target statement containing the payload exists among the SQL statements, wherein the target statement is a malicious statement constructed by using the escape character contained in the payload in the database;
and when it is judged that the target statement containing the payload exists among the SQL statements, determining that the payload is executed.
3. The secondary injection vulnerability detection method of claim 1, wherein the judging whether the payload is written into the database corresponding to the program to be detected comprises:
searching the database for the presence of the payload using a data probe;
acquiring, by using the data probe, the payload generated by a scanner in a case where the payload is found;
judging whether the payload stored in the database is the same as the payload generated by the scanner;
and in a case where the payload stored in the database is judged to be the same as the payload generated by the scanner, determining that the payload is written into the database corresponding to the program to be detected.
4. The secondary injection vulnerability detection method of claim 3, further comprising, after determining that the payload is written into the database corresponding to the program to be detected:
recording, by the data probe, the payload.
5. The secondary injection vulnerability detection method of claim 4, wherein the detecting whether the payload written into the database is executed comprises:
detecting, by the data probe, whether the recorded payload is executed;
determining that the payload written into the database is executed in a case where the recorded payload is executed.
6. The secondary injection vulnerability detection method of claim 3, further comprising, before sending to the program to be detected the request for writing the payload into the database:
generating, by a scanner, a keyword, the keyword being used to identify the payload;
constructing a malicious statement containing the escape character, and adding the keyword after the character to generate the payload.
7. The secondary injection vulnerability detection method of claim 6, wherein the searching the database for the presence of the payload using a data probe comprises:
acquiring the keyword from the scanner by using the data probe, and searching whether the keyword exists in the database;
determining that the payload exists in the database in a case where the keyword is found.
8. A secondary injection vulnerability detection device, characterized by comprising:
a sending module, configured to send, to a program to be detected, a request for writing a payload into a database, wherein the payload is a malicious statement containing an escape character;
a judging module, configured to judge whether the payload is written into the database corresponding to the program to be detected;
a detection module, configured to detect, in a case where the payload is written into the database, whether the payload written into the database is executed;
and a determining module, configured to determine that the program to be detected has a secondary injection vulnerability in a case where it is detected that the payload written into the database is executed.
9. A computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to perform the secondary injection vulnerability detection method of any of claims 1-7.
10. A computer-readable storage medium storing computer instructions for causing a computer to perform the secondary injection vulnerability detection method of any of claims 1-7.
CN202111092799.8A 2021-09-17 2021-09-17 Secondary injection vulnerability detection method, device, equipment and storage medium Pending CN113961927A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111092799.8A CN113961927A (en) 2021-09-17 2021-09-17 Secondary injection vulnerability detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113961927A true CN113961927A (en) 2022-01-21

Family

ID=79461896

Country Status (1)

Country Link
CN (1) CN113961927A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination