CN114884690A - Method for detecting SQL injection point based on keyword duplicating method and application - Google Patents

Publication number: CN114884690A
Application number: CN202210319051.5A
Authority: CN (China)
Legal status: Granted, active
Other languages: Chinese (zh)
Other versions: CN114884690B
Inventor: 邓一飞
Current Assignee: Jiangsu Anchao Cloud Software Co Ltd
Original Assignee: Jiangsu Anchao Cloud Software Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a method for detecting SQL injection points based on a keyword duplicating method, and an application thereof. The method comprises the following steps: analyzing a data packet or URL corresponding to a web page to be detected to detect the position of an SQL injection point; judging whether an injection logic statement constructed by the error-reporting attempt method can run normally at the position; if yes, the position is injectable and is an SQL injection point; if not, judging whether an injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally; if so, the position is injectable and is an SQL injection point. By combining common SQL injection detection with keyword-duplication injection detection, the method can analyze the returned pages and data packets of different requests and can bypass WAF firewall filtering rules, thereby finding the SQL injection points of a website more effectively, listing possible vulnerabilities, and providing a more effective reference basis for the security assessment of the website.

Description

Method for detecting SQL injection point based on keyword duplicating method and application
Technical Field
The invention relates to the technical field of computers, in particular to a method for detecting an SQL injection point based on a keyword duplicating method and application thereof.
Background
With the gradual development of the internet, more and more websites offer various services and bring great convenience to people's daily lives. However, as the internet and computer technology have advanced, attacks on website systems have become more varied and more frequent. Among them, Structured Query Language (SQL) injection attacks have become one of the attack modes most frequently encountered by network systems.
An SQL injection attack is a security event in which an attacker exploits an SQL injection vulnerability in an existing application to inject a malicious SQL command into the back-end database engine for execution, in order to steal data or even take control of the database server. SQL injection vulnerabilities are common in Web applications that use the Hypertext Transfer Protocol (HTTP) for communication between clients and Web servers.
At present, existing methods for detecting SQL injection attacks mainly judge whether a constructed statement can run normally at the SQL injection point; if it can, the client is determined to be performing an SQL injection attack. These methods have the following defects: only a single type of SQL injection statement is constructed, so injection points are easily missed and detection is insufficient; once a WAF firewall is placed in front of the Web application, injection detection cannot be performed; and the keywords needed to achieve SQL injection cannot be found by analysis, so detection is not accurate enough.
The information disclosed in this background section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
Disclosure of Invention
The invention aims to provide a method for detecting SQL injection points based on a keyword duplicating method, and an application thereof, which solve the problem that SQL injection points cannot be detected when a WAF firewall sits in front of the Web application.
To achieve the above object, an embodiment of the present invention provides a method for detecting SQL injection points based on a keyword duplicating method.
In one or more embodiments of the invention, the method comprises: analyzing a data packet or URL corresponding to a web page to be detected to detect the position of an SQL injection point; judging whether an injection logic statement constructed by the error-reporting attempt method can run normally at the position; if yes, the position is injectable and is an SQL injection point; if not, judging whether an injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally; if so, the position is injectable and is an SQL injection point.
In one or more embodiments of the present invention, judging whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally comprises: detecting the duplicable keywords in the WAF firewall filtering rules; deleting the duplicable keywords from the duplicated injection logic statement; judging whether the duplicated injection logic statement can run normally after the duplicable keywords are deleted; if so, the position is injectable and is an SQL injection point.
In one or more embodiments of the invention, the method further comprises: storing the duplicable keywords in the keyword duplicating method; detecting whether a new keyword exists; if yes, concatenating all the keywords and constructing a complete injection logic statement from them.
In one or more embodiments of the invention, the method further comprises: judging whether the complete injection logic statement can run normally; if yes, the position is injectable and is an SQL injection point; if not, the position is not injectable and is not an SQL injection point.
In another aspect of the present invention, an apparatus for detecting SQL injection points based on a keyword duplicating method is provided, which includes a detection module and a judging module.
The detection module is used for analyzing the data packet or URL corresponding to the web page to be detected to detect the position of the SQL injection point.
The judging module is used for judging whether the injection logic statement constructed by the error-reporting attempt method can run normally at the position; if yes, the position is injectable and is an SQL injection point; if not, judging whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally; if so, the position is injectable and is an SQL injection point.
In one or more embodiments of the present invention, the judging module is further configured for: detecting the duplicable keywords in the WAF firewall filtering rules; deleting the duplicable keywords from the duplicated injection logic statement; judging whether the duplicated injection logic statement can run normally after the duplicable keywords are deleted; if so, the position is injectable and is an SQL injection point.
In one or more embodiments of the present invention, the detection module is further configured for: storing the duplicable keywords in the keyword duplicating method; detecting whether a new keyword exists; if yes, concatenating all the keywords and constructing a complete injection logic statement from them.
In one or more embodiments of the present invention, the judging module is further configured for: judging whether the complete injection logic statement can run normally; if yes, the position is injectable and is an SQL injection point; if not, the position is not injectable and is not an SQL injection point.
In another aspect of the present invention, there is provided an electronic device including: at least one processor; and a memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform the method for detecting SQL injection points based on a keyword duplicating method as described above.
In another aspect of the present invention, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, implements the steps of the method for detecting SQL injection points based on a keyword duplicating method as described above.
Compared with the prior art, the method for detecting SQL injection points based on a keyword duplicating method and the application thereof can analyze the returned pages and data packets of different requests by combining common SQL injection detection with keyword-duplication injection detection, and can bypass WAF firewall filtering rules, thereby finding the SQL injection points of a website more effectively, listing possible vulnerabilities, and providing a more effective reference basis for the security assessment of the website.
Drawings
FIG. 1 is a flow diagram of a method for detecting SQL injection points based on a keyword duplicating method according to an embodiment of the invention;
FIG. 2 is a detailed flow diagram of a method for detecting SQL injection points based on a keyword duplicating method according to an embodiment of the invention;
FIG. 3 is a block diagram of an apparatus for detecting SQL injection points based on a keyword duplicating method according to an embodiment of the invention;
FIG. 4 is a hardware block diagram of a computing device for detecting SQL injection points based on a keyword duplicating method according to an embodiment of the invention.
Detailed Description
The following detailed description of the present invention is provided in conjunction with the accompanying drawings, but it should be understood that the scope of the present invention is not limited to the specific embodiments.
Throughout the specification and claims, unless explicitly stated otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element or component but not the exclusion of any other element or component.
The technical solutions provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Example 1
Referring to FIG. 1, a method for detecting SQL injection points based on a keyword duplicating method in an embodiment of the present invention is described, which includes the following steps.
In step S101, a data packet or URL corresponding to the web page to be detected is analyzed to detect the position of the SQL injection point.
SQL injection is an attack technique in which an attacker appends carefully constructed code to a normal query statement and has it executed by the database, thereby obtaining information from the database and even escalating privileges. SQL injection arises when a web application does not check the legitimacy of user-supplied data or filters it inadequately: an attacker can then append an extra SQL statement to the end of a query statement predefined in the web application and perform illegal operations without the administrator's knowledge, deceiving the database server into executing unauthorized arbitrary queries and thereby obtaining the corresponding data.
SQL is a structured query language for operating on database data, and it is used when the application data of a web page interacts with the data in the back-end database. In SQL injection, parameters entered through the original URL, a form field or a data packet of the Web page are modified and spliced into an SQL statement, which is passed to the Web server and on to the database server, where it is executed as a database command. For example, if a Web application developer passes user-supplied data or cookies directly to the database without filtering or validating them (that is, an injection point exists), the spliced SQL may be executed, information may be obtained from the database and privileges escalated on it, and an SQL injection attack occurs.
The common SQL injection approach is as follows. Whether an SQL injection point exists is judged with the statement 1' or 1=1#, because typical application code contains a query of the form SELECT * FROM table_name WHERE ID = variable. After injection this becomes SELECT * FROM table_name WHERE ID = variable OR 1=1#, which turns the expression after WHERE into one that is always true, so the query is equivalent to SELECT * FROM table_name and all the user information in the current data table can be obtained through it.
Obtaining the return display positions: ' union select 1, 2# determines that the return display positions are "1" and "2". Obtaining the current user and database through the statement ' union select user() #: the current database is DVWA and the current user is xxxx. Obtaining all library names, table names and attribute values in the database: select schema_name, 2 from information_schema; ' union select table_name, 2 from information_schema. ' union select column_name, 2 from information_schema.
An injection statement is then constructed from this information: ' union select user, password from dvwa.users # returns and displays the account and password MD5 information in the users table, and the back-end account's privileges are obtained by cracking the MD5 hash online.
In this embodiment, the position of the SQL injection point is detected by analyzing the data packet or URL corresponding to the web page to be detected. Whether the position is injectable is tested by applying the error-reporting attempt method and the keyword duplicating method to it, which determines whether an SQL injection point exists at the position.
In step S102, it is determined whether the injection logic statement constructed by the error-reporting attempt method can run normally at the position.
When an SQL injection attempt against the web application causes the SQL database to report an error, the database error information returned in the web page shows that the web application has an SQL injection vulnerability, and matching it against the error-message templates of various databases shows which database the web application uses.
In step S103, it is determined whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally.
The WAF firewall (also called a Web application protection system or website application-level intrusion prevention system) provides protection specifically for Web applications by enforcing a series of security policies for HTTP/HTTPS, addressing Web application security problems that traditional devices such as firewalls cannot handle. Unlike traditional firewalls, the WAF works at the application layer and therefore has inherent technical advantages for Web application protection. Based on a deep understanding of Web application services and logic, the WAF inspects and validates the content of the various requests from Web application clients, ensures that they are safe and legitimate, and blocks illegitimate requests in real time, thereby effectively protecting websites.
The keyword-duplication SQL injection method analyzes the returned pages and data packets of different injection logic statements to judge whether WAF firewall filtering rules exist, detects the relevant keywords by duplication, constructs injection logic statements, and thereby bypasses the WAF firewall to judge whether an SQL injection vulnerability exists. For example, the statement 1' or 1=1 select union or from # is constructed; if the page is returned and displayed normally, it is assumed that select, union, or and from are each masked as keywords. If the returned page displays an error, the relevant keywords are not filtered. New keywords are tried repeatedly until all keywords needed to construct the statement are identified.
According to the WAF firewall's keyword-matching rule, after the duplicated form of the statement ' union select user, password from dvwa.users # is scanned, the keywords select or from are discarded and the updated injection logic statement is ' union select user, password from dvwa.users #. This statement can run normally: the account and password MD5 information in the users table is returned and displayed, and the back-end account's privileges are obtained by cracking the MD5 hash online, so SQL injection is achieved. In this way the WAF defense is bypassed and the purpose of detecting whether an SQL injection point exists is achieved.
Example 2
Referring to FIG. 2, a method for detecting SQL injection points based on a keyword duplicating method in an embodiment of the present invention is described, which includes the following steps.
In step S201, the data packet or URL corresponding to the web page to be detected is analyzed to detect the position of the SQL injection point.
SQL injection is an attack technique in which an attacker appends carefully constructed code to a normal query statement and has it executed by the database, thereby obtaining information from the database and even escalating privileges. SQL injection arises when a web application does not check the legitimacy of user-supplied data or filters it inadequately: an attacker can then append an extra SQL statement to the end of a query statement predefined in the web application and perform illegal operations without the administrator's knowledge, deceiving the database server into executing unauthorized arbitrary queries and thereby obtaining the corresponding data.
SQL is a structured query language for operating on database data, and it is used when the application data of a web page interacts with the data in the back-end database. In SQL injection, parameters entered through the original URL, a form field or a data packet of the Web page are modified and spliced into an SQL statement, which is passed to the Web server and on to the database server, where it is executed as a database command. For example, if a Web application developer passes user-supplied data or cookies directly to the database without filtering or validating them (that is, an injection point exists), the spliced SQL may be executed, information may be obtained from the database and privileges escalated on it, and an SQL injection attack occurs.
The common SQL injection approach is as follows. Whether an SQL injection point exists is judged with the statement 1' or 1=1#, because typical application code contains a query of the form SELECT * FROM table_name WHERE ID = variable. After injection this becomes SELECT * FROM table_name WHERE ID = variable OR 1=1#, which turns the expression after WHERE into one that is always true, so the query is equivalent to SELECT * FROM table_name and all the user information in the current data table can be obtained through it.
Obtaining the return display positions: ' union select 1, 2# determines that the return display positions are "1" and "2". Obtaining the current user and database through the statement ' union select user() #: the current database is DVWA and the current user is xxxx. Obtaining all library names, table names and attribute values in the database: select schema_name, 2 from information_schema; ' union select table_name, 2 from information_schema. ' union select column_name, 2 from information_schema.
An injection statement is then constructed from this information: ' union select user, password from dvwa.users # returns and displays the account and password MD5 information in the users table, and the back-end account's privileges are obtained by cracking the MD5 hash online.
In this embodiment, the position of the SQL injection point is detected by analyzing the data packet or URL corresponding to the web page to be detected. Whether the position is injectable is tested by applying the error-reporting attempt method and the keyword duplicating method to it, which determines whether an SQL injection point exists at the position.
In step S202, it is determined whether the injection logic statement constructed by the error-reporting attempt method can run normally at the position.
When an SQL injection attempt against the web application causes the SQL database to report an error, the database error information returned in the web page shows that the web application has an SQL injection vulnerability, and matching it against the error-message templates of various databases shows which database the web application uses.
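The error-reporting check of step S202 (and step S102 of Example 1), as an added example that is not part of the patent text: a self-test against an in-memory SQLite database in which a lone quote is sent to a page handler and the response is matched against database error templates. The handler names, the table and the template list are assumptions made for illustration.

```python
import re
import sqlite3

# Error-message templates per DBMS (widely seen server/driver error texts).
ERROR_TEMPLATES = {
    "MySQL": [r"You have an error in your SQL syntax"],
    "PostgreSQL": [r"syntax error at or near", r"unterminated quoted string"],
    "Microsoft SQL Server": [
        r"Unclosed quotation mark after the character string",
        r"Incorrect syntax near",
    ],
    "Oracle": [r"ORA-\d{5}"],
    "SQLite": [r"unrecognized token", r'near ".*": syntax error'],
}


def match_error_template(body):
    """Return the DBMS whose error template appears in a response body, else None."""
    for dbms, patterns in ERROR_TEMPLATES.items():
        if any(re.search(p, body, re.IGNORECASE) for p in patterns):
            return dbms
    return None


def make_db():
    """Constructed sample database (hypothetical table and row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, name TEXT)")
    db.execute("INSERT INTO users VALUES ('1', 'alice')")
    return db


def vulnerable_page(db, user_id):
    """Splices input into the SQL text and echoes the database error to the page."""
    try:
        sql = "SELECT name FROM users WHERE id = '" + user_id + "'"
        return f"<p>{db.execute(sql).fetchall()}</p>"
    except sqlite3.Error as exc:
        return f"<p>Database error: {exc}</p>"


def hardened_page(db, user_id):
    """Binds input as a parameter and never echoes driver errors."""
    try:
        rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()
        return f"<p>{rows}</p>"
    except sqlite3.Error:
        return "<p>Request could not be processed.</p>"


def check_position(page, db, probe="1'"):
    """Send an unbalanced quote to one position; report the DBMS it leaks, if any."""
    return match_error_template(page(db, probe))


if __name__ == "__main__":
    for page in (vulnerable_page, hardened_page):
        print(page.__name__, "->", check_position(page, make_db()))
```

The same matcher can be run over captured responses of an application in a test environment to confirm that no database error text reaches the client.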
In step S203, it is determined whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally.
The WAF firewall (also called a Web application protection system or website application-level intrusion prevention system) provides protection specifically for Web applications by enforcing a series of security policies for HTTP/HTTPS, addressing Web application security problems that traditional devices such as firewalls cannot handle. Unlike traditional firewalls, the WAF works at the application layer and therefore has inherent technical advantages for Web application protection. Based on a deep understanding of Web application services and logic, the WAF inspects and validates the content of the various requests from Web application clients, ensures that they are safe and legitimate, and blocks illegitimate requests in real time, thereby effectively protecting websites.
The keyword-duplication SQL injection method analyzes the returned pages and data packets of different injection logic statements to judge whether WAF firewall filtering rules exist, detects the relevant keywords by duplication, constructs injection logic statements, and thereby bypasses the WAF firewall to judge whether an SQL injection vulnerability exists. For example, the statement 1' or 1=1 select union or from # is constructed; if the page is returned and displayed normally, it is assumed that select, union, or and from are each masked as keywords. If the returned page displays an error, the relevant keywords are not filtered.
In step S204, new keywords are repeatedly obtained, all the keywords are concatenated, and a complete injection logic statement is constructed.
For example, according to the WAF firewall's keyword-matching rule, the keyword select is discarded after the statement ' union select user, password from now dvwa.users # is scanned; the updated injection logic statement, union select user, password from now dvwa.users #, cannot run normally. Further keywords are therefore obtained one by one and all the keywords, namely select, union and from, are concatenated; once these keywords are discarded, the complete injection logic statement is constructed as ' union select user, password from dvwa.users #.
In step S205, it is determined whether the complete injection logic statement can run normally.
It is judged whether the complete injection logic statement ' union select user, password from dvwa.users # can run normally; if so, the account and password MD5 information is returned and displayed, and the back-end account's privileges are obtained by cracking the MD5 hash online, so SQL injection is achieved. In that case an SQL injection vulnerability exists at this position.
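Why the keyword filtering described in steps S203 to S205 (and in step S103 of Example 1) can be passed, as an added example that is not part of the patent text: a filter that deletes matched keywords in a single pass and forwards the remainder, beside a policy that blocks on match and flags input whose stripped form still contains a keyword. The rule set, function names and sample input are constructed for illustration and do not model any specific WAF.

```python
import re

# Assumed keyword rule set for illustration; not taken from any real WAF.
BLOCKED = ("union", "select", "from")
RULE = re.compile("|".join(BLOCKED), re.IGNORECASE)

# Constructed sample: each keyword is written inside a copy of itself.
SAMPLE = "ununionion selselectect 1 frfromom t"


def strip_once(value):
    """Weak filter: delete matched keywords in one pass and forward the rest."""
    return RULE.sub("", value)


def residual_keywords(value):
    """Keywords that reappear after one stripping pass.

    A non-empty result means the filter's own output re-forms a blocked
    keyword, which is the signature of duplicated-keyword input.
    """
    stripped = strip_once(value)
    return sorted({m.group(0).lower() for m in RULE.finditer(stripped)})


def strip_to_fixed_point(value):
    """Repeat the deletion until the output stops changing."""
    previous = None
    while previous != value:
        previous, value = value, RULE.sub("", value)
    return value


def inspect_value(value):
    """Hardened policy: block on any match instead of rewriting the request,
    and mark the request for alerting when duplication is detected."""
    return {
        "decision": "block" if RULE.search(value) else "allow",
        "evasion_suspected": bool(residual_keywords(value)),
    }


if __name__ == "__main__":
    print("single pass forwards :", repr(strip_once(SAMPLE)))
    print("fixed point forwards :", repr(strip_to_fixed_point(SAMPLE)))
    print("block-on-match policy:", inspect_value(SAMPLE))
```

Repeated deletion closes this gap but still rewrites legitimate input that happens to contain a keyword, so blocking on match at the filter and binding parameters in the application are the more reliable controls.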
Referring to FIG. 3, an apparatus for detecting SQL injection points based on a keyword duplicating method according to an embodiment of the present invention is described.
In the embodiment of the invention, the apparatus for detecting SQL injection points based on a keyword duplicating method comprises a detection module 301 and a judging module 302.
The detection module 301 is configured to analyze a data packet or URL corresponding to a web page to be detected to detect the position of an SQL injection point.
The judging module 302 is configured to judge whether an injection logic statement constructed by the error-reporting attempt method can run normally at the position; if yes, the position is injectable and is an SQL injection point; if not, to judge whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF firewall into a duplicated injection logic statement that runs normally; if so, the position is injectable and is an SQL injection point.
The judging module 302 is further configured for: detecting the duplicable keywords in the WAF firewall filtering rules; deleting the duplicable keywords from the duplicated injection logic statement; judging whether the duplicated injection logic statement can run normally after the duplicable keywords are deleted; if so, the position is injectable and is an SQL injection point.
The detection module 301 is further configured for: storing the duplicable keywords in the keyword duplicating method; detecting whether a new keyword exists; if yes, concatenating all the keywords and constructing a complete injection logic statement from them.
The judging module 302 is further configured for: judging whether the complete injection logic statement can run normally; if yes, the position is injectable and is an SQL injection point; if not, the position is not injectable and is not an SQL injection point.
Fig. 4 illustrates a hardware block diagram of a computing device 40 for detecting SQL injection points based on a duplicate key method according to an embodiment of the present description. As shown in fig. 4, the computing device 40 may include at least one processor 401, a storage 402 (e.g., a non-volatile storage), a memory 403, and a communication interface 404, and the at least one processor 401, the storage 402, the memory 403, and the communication interface 404 are connected together via a bus 405. The at least one processor 401 executes at least one computer readable instruction stored or encoded in the memory 402.
It should be appreciated that the computer-executable instructions stored in the memory 402, when executed, cause the at least one processor 401 to perform the various operations and functions described above in connection with fig. 1-4 in the various embodiments of the present description.
In embodiments of the present description, computing device 40 may include, but is not limited to: personal computers, server computers, workstations, desktop computers, laptop computers, notebook computers, mobile computing devices, smart phones, tablet computers, cellular phones, Personal Digital Assistants (PDAs), handheld devices, messaging devices, wearable computing devices, consumer electronics, and so forth.
According to one embodiment, a program product, such as a machine-readable medium, is provided. A machine-readable medium may have instructions (i.e., elements described above as being implemented in software) that, when executed by a machine, cause the machine to perform various operations and functions described above in connection with fig. 1-4 in the various embodiments of the present specification. Specifically, a system or apparatus may be provided which is provided with a readable storage medium on which software program code implementing the functions of any of the above embodiments is stored, and causes a computer or processor of the system or apparatus to read out and execute instructions stored in the readable storage medium.
The method for detecting SQL injection points based on a keyword duplicating method and the application thereof disclosed in the embodiments of the invention can analyze the returned pages and data packets of different requests by combining common SQL injection detection with keyword-duplication injection detection, and can bypass WAF firewall filtering rules, so that the SQL injection points of a website can be found more effectively, possible vulnerabilities can be listed, and a more effective reference basis is provided for the security assessment of the website.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing descriptions of specific exemplary embodiments of the present invention have been presented for purposes of illustration and description. It is not intended to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain certain principles of the invention and its practical application to enable one skilled in the art to make and use various exemplary embodiments of the invention and various alternatives and modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims and their equivalents.

Claims (10)

1. A method for detecting SQL injection points based on a keyword duplicating method, characterized by comprising the following steps:
analyzing a data packet or URL corresponding to a webpage to be detected, to detect the position of an SQL injection point;
judging whether an injection logic statement constructed by the error-reporting trial method can run normally at the position; if not,
judging whether an injection logic statement duplicated by the keyword duplicating method is filtered by the WAF into a duplicated injection logic statement that runs normally; if so,
the position is injectable and is an SQL injection point.
2. The method for detecting SQL injection points based on the keyword duplicating method of claim 1, wherein judging whether the injection logic statement duplicated by the keyword duplicating method is filtered by the WAF into a duplicated injection logic statement that runs normally comprises:
detecting a rewritable keyword in the WAF filtering rule;
deleting the rewritable keyword from the duplicated injection logic statement;
judging whether the duplicated injection logic statement, after the rewritable keyword is deleted, can run normally; if so,
the position is injectable and is an SQL injection point.
3. The method for detecting SQL injection points based on the keyword duplicating method of claim 2, further comprising:
storing the rewritable keyword into the keyword duplicating method;
detecting whether a new keyword exists; if so,
concatenating all the keywords and constructing a complete injection logic statement from them.
4. The method for detecting SQL injection points based on the keyword duplicating method of claim 3, further comprising:
judging whether the complete injection logic statement can run normally; if so,
the position is injectable and is an SQL injection point; if not,
the position is not injectable and is not an SQL injection point.
5. An apparatus for detecting SQL injection points based on a keyword duplicating method, the apparatus comprising:
a detection module, configured to analyze a data packet or URL corresponding to a webpage to be detected, to detect the position of an SQL injection point;
a judging module, configured to judge whether an injection logic statement constructed by the error-reporting trial method can run normally at the position; if not, to judge whether an injection logic statement duplicated by the keyword duplicating method is filtered by the WAF into a duplicated injection logic statement that runs normally; if so, the position is injectable and is an SQL injection point.
6. The apparatus for detecting SQL injection points based on the keyword duplicating method of claim 5, wherein the judging module is further configured for:
detecting a rewritable keyword in the WAF filtering rule;
deleting the rewritable keyword from the duplicated injection logic statement;
judging whether the duplicated injection logic statement, after the rewritable keyword is deleted, can run normally; if so,
the position is injectable and is an SQL injection point.
7. The apparatus for detecting SQL injection points based on the keyword duplicating method of claim 6, wherein the detection module is further configured for:
storing the rewritable keyword into the keyword duplicating method;
detecting whether a new keyword exists; if so,
concatenating all the keywords and constructing a complete injection logic statement from them.
8. The apparatus for detecting SQL injection points based on the keyword duplicating method of claim 7, wherein the judging module is further configured for:
judging whether the complete injection logic statement can run normally; if so,
the position is injectable and is an SQL injection point; if not,
the position is not injectable and is not an SQL injection point.
9. An electronic device, comprising:
at least one processor; and
a memory storing instructions that, when executed by the at least one processor, cause the at least one processor to perform the method of checking for rolling code duplication inside a coding chip of any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the method of checking an internal rolling code repetition of a coding chip according to any one of claims 1 to 4.
CN202210319051.5A 2022-03-29 2022-03-29 Method and device for detecting SQL injection point, electronic equipment and storage medium Active CN114884690B (en)


Publications (2)

Publication Number Publication Date
CN114884690A (en) 2022-08-09
CN114884690B (en) 2024-01-02

Family

ID=82669710



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant