CN115510437A - Method, device, equipment and medium for detecting SQL injection attack - Google Patents


Info

Publication number: CN115510437A
Authority: CN (China)
Prior art keywords: sql; statement; sql statement; injection attack; target
Legal status: Pending (Google's legal-status listing is an assumption, not a legal conclusion)
Application number: CN202211121562.2A
Other languages: Chinese (zh)
Inventors: 许文滨; 张德林
Current assignee: DBAPPSecurity Co Ltd (as listed by Google; the list may be inaccurate)
Original assignee: DBAPPSecurity Co Ltd
Application filed by: DBAPPSecurity Co Ltd
Priority: CN202211121562.2A; publication: CN115510437A; legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses a method, a device, equipment and a medium for detecting SQL injection attacks, relating to the technical field of computers. The method comprises: intercepting an SQL (structured query language) statement to be executed and parsing the intercepted SQL statement; checking the parsed SQL statement and judging, according to the check result, whether an SQL injection attack exists in the SQL statement; if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it. The method therefore starts from inside the program and checks the SQL statement for SQL injection directly before it is executed, which solves the problem that the traditional detection method has difficulty detecting all attack situations.

Description

Method, device, equipment and medium for detecting SQL injection attack
Technical Field
The present invention relates to the field of computer technology, and in particular to a method, an apparatus, a device and a medium for detecting SQL injection attacks.
Background
In research on detecting SQL injection attacks, dynamic detection is commonly used. In an SQL injection attack the attacker generally feeds a string of attack characters into the external interface parameters of a program so that the program executes a malicious SQL statement; a dynamic detection method can therefore intercept the external interface request and analyze the request parameters to determine whether an SQL injection attack is taking place. Because this technique decides whether an SQL injection attack exists by intercepting the external interface request and analyzing its parameters, it has difficulty detecting all attack situations: some attacks construct a malicious SQL statement out of several parameters, which makes detection harder, and some SQL injection attacks do not arrive through an interface request at all but by other means, which this technique cannot detect.
How to avoid the situation in which the traditional detection method has difficulty detecting all SQL injection attacks is therefore a problem that urgently needs to be solved in this field.
Disclosure of Invention
In view of this, an object of the present invention is to provide a method, an apparatus, a device and a medium for detecting SQL injection attacks that avoid the situation in which the conventional detection method has difficulty detecting all SQL injection attacks. The specific scheme is as follows.
In a first aspect, the present application discloses a method for detecting an SQL injection attack, including:
intercepting an SQL statement to be executed and parsing the intercepted SQL statement;
checking the parsed SQL statement and judging, according to the check result, whether an SQL injection attack exists in the SQL statement;
if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it.
Optionally, intercepting the SQL statement to be executed and parsing the intercepted SQL statement include:
intercepting the SQL statement to be executed by means of aspect-oriented programming (AOP), and parsing the intercepted SQL statement with a parser.
Optionally, checking the parsed SQL statement includes:
judging whether the parsed SQL statement is a target SQL statement and, if not, checking the parsed SQL statement directly; the target SQL statement is a statement that meets a preset complex-statement condition.
Optionally, after judging whether the parsed SQL statement is the target SQL statement, the method further includes:
if the parsed SQL statement is the target SQL statement, decomposing the target SQL statement into a plurality of decomposed SQL statements and checking each decomposed SQL statement.
Optionally, decomposing the target SQL statement into a plurality of decomposed SQL statements includes:
identifying the parentheses in the target SQL statement by top-down analysis, and splitting the target SQL statement at the identified parentheses to obtain the plurality of decomposed SQL statements.
Optionally, the method for detecting an SQL injection attack further includes:
identifying target keywords in the target SQL statement by top-down analysis and, after the target SQL statement has been decomposed, judging on the basis of the target keywords whether each decomposed SQL statement is an independent and complete SQL statement.
Optionally, prohibiting execution of the SQL statement if an SQL injection attack exists in it includes:
if the SQL statement contains an SQL injection attack, recording the corresponding attack information and prohibiting execution of the SQL statement.
In a second aspect, the present application discloses an apparatus for detecting SQL injection attacks, including:
an SQL statement interception module, configured to intercept an SQL statement to be executed and parse the intercepted SQL statement;
an SQL injection attack judgment module, configured to check the parsed SQL statement and judge according to the check result whether an SQL injection attack exists in the SQL statement;
an SQL statement blocking module, configured to prohibit execution of the SQL statement if an SQL injection attack exists in it;
and an SQL statement execution module, configured to execute the SQL statement if no SQL injection attack exists in it.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the method for detecting SQL injection attacks disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program which, when executed by a processor, implements the method for detecting SQL injection attacks disclosed above.
Thus, the present application provides a method for detecting SQL injection attacks which comprises: intercepting an SQL (structured query language) statement to be executed and parsing the intercepted SQL statement; checking the parsed SQL statement and judging according to the check result whether an SQL injection attack exists in the SQL statement; if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it. The method therefore starts from inside the program and checks the SQL statement for SQL injection directly before it is executed, which solves the problem that the traditional detection method has difficulty detecting all attack situations.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for detecting SQL injection attacks disclosed in the present application;
Fig. 2 is a flowchart of a specific method for detecting SQL injection attacks disclosed in the present application;
Fig. 3 is a flowchart of a specific method for detecting SQL injection attacks disclosed in the present application;
Fig. 4 is a schematic structural diagram of an apparatus for detecting SQL injection attacks disclosed in the present application;
Fig. 5 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
In research on detecting SQL injection attacks, the dynamic detection method decides whether an SQL injection attack exists in the request parameters by intercepting external interface requests, so it has difficulty detecting all attack situations: some attacks construct a malicious SQL statement out of several parameters, which makes detection harder, and some SQL injection attacks do not go through an interface request at all but attack by other means, which this technique cannot detect.
Therefore, the embodiments of the present application provide an SQL injection attack detection scheme that solves the problem that the traditional detection method has difficulty detecting all attack situations.
An embodiment of the present application discloses a method for detecting SQL injection attacks, shown in Fig. 1, which comprises the following steps.
Step S11: intercepting the SQL statement to be executed, and parsing the intercepted SQL statement.
In this embodiment, the SQL statement to be executed is intercepted first, and the intercepted SQL statement is then parsed to obtain the parsed SQL statement.
Step S12: checking the parsed SQL statement, and judging according to the check result whether the SQL statement contains an SQL injection attack.
It should be noted that checking the parsed SQL statement specifically includes: judging whether the parsed SQL statement is a target SQL statement and, if not, checking the parsed SQL statement directly, where the target SQL statement is a statement that meets a preset complex-statement condition; and if the parsed SQL statement is the target SQL statement, decomposing the target SQL statement into a plurality of decomposed SQL statements and checking each of them. The preset complex-statement condition includes, but is not limited to, the target SQL statement containing a sub-query.
In this embodiment, decomposing the target SQL statement into a plurality of decomposed SQL statements may specifically include: identifying the parentheses in the target SQL statement by top-down analysis, and splitting the target SQL statement at the identified parentheses to obtain the plurality of decomposed SQL statements. It should be noted that after the target SQL statement has been split at the identified parentheses into a plurality of decomposed SQL statements, the method further includes: identifying target keywords in the target SQL statement by top-down analysis and, after the target SQL statement has been decomposed, judging on the basis of the target keywords whether each decomposed SQL statement is an independent and complete SQL statement. The target keywords include, but are not limited to, DDL (data definition language) and DML (data manipulation language) keywords such as select, update, delete, alter, drop, create and truncate.
In a specific embodiment, judging according to the check result whether the SQL statement contains an SQL injection attack specifically includes: judging whether comment characters such as '-', '#' and '/' appear in the SQL statement; judging whether the WHERE condition contains a tautological comparison such as "or a = a"; and judging whether a SELECT query contains DELETE, UPDATE or other DML statements.
Step S13: if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it.
In this embodiment, if an SQL injection attack exists in the SQL statement, execution of the SQL statement is prohibited, and if no SQL injection attack exists in the SQL statement, the SQL statement is executed. This solves the problem that the traditional detection method has difficulty detecting all attack situations.
Thus, the present application provides a method for detecting SQL injection attacks which comprises: intercepting an SQL statement to be executed and parsing the intercepted SQL statement; checking the parsed SQL statement and judging according to the check result whether an SQL injection attack exists in the SQL statement; if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it. The method therefore starts from inside the program and checks the SQL statement for SQL injection directly before it is executed, which solves the problem that the traditional detection method has difficulty detecting all attack situations.
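The parse, decompose and check pipeline of steps S11 to S13 (the same steps the disclosure above claims: complex-statement test, top-down split at parentheses, keyword test for independent complete statements, and the three checks for comment characters, a tautology in the WHERE condition and DML inside a SELECT), as an added Python example that is not part of the patent and not DBAPPSecurity's implementation. It assumes MySQL-style comment markers (`--`, `#`, `/*`) as the concrete form of the patent's comment characters, adds `insert` to the patent's keyword list, and also treats statements stacked after a top-level `;` as "contained in" the leading SELECT, which the patent does not spell out; every sample statement is constructed.

```python
import re

# DDL/DML keywords that open an independent, complete statement. The patent
# lists select, update, delete, alter, drop, create, truncate ("not limited
# to"); "insert" is added here as an assumption.
STATEMENT_KEYWORDS = ("select", "insert", "update", "delete",
                      "alter", "drop", "create", "truncate")
# Data-changing DML that must not appear inside (or stacked after) a SELECT.
DML_WRITE_KEYWORDS = ("insert", "update", "delete")
# Assumed MySQL-style forms of the patent's comment characters.
COMMENT_MARKERS = ("--", "#", "/*")

_LITERAL = re.compile(r"'(?:[^']|'')*'")                       # 'text', '' escape
_TAUTOLOGY = re.compile(r"\bor\s+('?\w+'?)\s*=\s*\1(?!\w)")    # "or a = a", "or 1=1"
_WHERE = re.compile(r"\bwhere\b")
_LEADING_WORD = re.compile(r"\s*([a-z]+)")


def statement_keyword(fragment):
    """Return the opening keyword if `fragment` is an independent, complete
    statement, else None (e.g. for a value list such as '1, 2, 3')."""
    m = _LEADING_WORD.match(fragment.lower())
    return m.group(1) if m and m.group(1) in STATEMENT_KEYWORDS else None


def split_statements(sql):
    """Split on ';' outside string literals (stacked queries; added here)."""
    parts, current, in_literal = [], [], False
    for ch in sql:
        if ch == "'":
            in_literal = not in_literal
        if ch == ";" and not in_literal:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return [p for p in parts if p.strip()]


def split_parentheses(sql):
    """Top-down decomposition on balanced parentheses: the outer text with each
    top-level group collapsed to '(...)', then each group's contents, recursively."""
    outer, groups, depth, start, last = [], [], 0, 0, 0
    for i, ch in enumerate(sql):
        if ch == "(":
            if depth == 0:
                outer.append(sql[last:i])
                start = i + 1
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
            if depth == 0:
                groups.append(sql[start:i])
                outer.append("(...)")
                last = i + 1
    outer.append(sql[last:])          # trailing text (or an unbalanced tail)
    fragments = ["".join(outer)]
    for group in groups:
        fragments.extend(split_parentheses(group))
    return fragments


def is_complex(sql):
    """The patent's 'target statement' condition: a sub-query exists, i.e. some
    parenthesised group itself opens with a statement keyword."""
    return any(statement_keyword(f) for f in split_parentheses(sql)[1:])


def check_fragment(fragment):
    """The patent's checks on one complete statement; returns the findings."""
    findings = []
    lowered = fragment.lower()
    masked = _LITERAL.sub("?", lowered)   # a '#' inside a quoted value is not a comment
    for marker in COMMENT_MARKERS:
        if marker in masked:
            findings.append(f"comment marker {marker!r}")
    where = _WHERE.search(lowered)
    if where and _TAUTOLOGY.search(lowered, where.start()):
        findings.append("tautology in WHERE condition")
    return findings


def detect(sql):
    """Run the full pipeline on one intercepted statement. An empty list means
    the statement may be executed; otherwise execution should be prohibited."""
    findings = []
    statements = split_statements(sql)
    top = statement_keyword(statements[0]) if statements else None
    for index, statement in enumerate(statements):
        # Non-complex statements are checked directly; complex ones are decomposed.
        fragments = split_parentheses(statement) if is_complex(statement) else [statement]
        for position, fragment in enumerate(fragments):
            keyword = statement_keyword(fragment)
            if keyword is None:
                continue                  # not an independent statement: skip it
            findings.extend(check_fragment(fragment))
            nested = index > 0 or position > 0
            if top == "select" and nested and keyword in DML_WRITE_KEYWORDS:
                findings.append(f"dml {keyword!r} inside select query")
    return findings


if __name__ == "__main__":
    # Constructed samples: a plain query, a sub-query whose literal contains '#',
    # a comment-plus-tautology injection, and DML stacked after a SELECT.
    for sample in (
        "SELECT id, name FROM users WHERE id = 42",
        "SELECT name FROM products WHERE id IN (SELECT product_id FROM orders WHERE note LIKE '%#1%')",
        "SELECT * FROM users WHERE name = '' OR 1=1 -- ' AND active = 1",
        "SELECT id FROM t WHERE id = 1; DELETE FROM audit_log",
    ):
        print(detect(sample) or "clean", "<-", sample)
```

Masking quoted literals before the comment check is the detail that keeps a legitimate `#` or `--` inside a stored value from being reported, while an injected comment that sits outside a balanced literal still is; the tautology check runs on the raw text so that "or 'a'='a'" is caught as the patent describes.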
An embodiment of the present application discloses a specific method for detecting SQL injection attacks, shown in Fig. 2, which comprises the following steps.
Step S21: intercepting the SQL statement to be executed by means of aspect-oriented programming, and parsing the intercepted SQL statement with a parser.
In this embodiment, the SQL statement to be executed may specifically be intercepted by means of aspect-oriented programming (AOP), and the intercepted SQL statement is parsed with a parser.
Step S22: checking the parsed SQL statement, and judging according to the check result whether the SQL statement contains an SQL injection attack.
For the more specific working process of step S22, reference is made to the embodiments disclosed above; it is not repeated here.
Step S23: if the SQL statement contains an SQL injection attack, recording the corresponding attack information and prohibiting execution of the SQL statement; if it does not, executing the SQL statement.
It should be noted that, in general, SQL injection detection methods start from outside the program and judge whether the program is under SQL injection attack by capturing data packets and analyzing the request data. Such a method produces a certain number of false positives and false negatives, collects less information, and cannot fully obtain information about the attacker (for example the user the attacker is logged in as, the attacked module, and so on). Therefore, in this embodiment, if an SQL injection attack exists in the SQL statement, the corresponding attack information is recorded and execution of the SQL statement is prohibited, where the attack information includes, but is not limited to, the logged-in user, the attacked module, the attacking SQL statement, and the like. In addition, the method and system are widely applicable and compatible with common relational databases such as MySQL, Oracle and SQL Server.
Thus, the present application provides a method for detecting SQL injection attacks which comprises: intercepting the SQL statement to be executed by means of aspect-oriented programming and parsing the intercepted SQL statement with a parser; checking the parsed SQL statement and judging according to the check result whether an SQL injection attack exists in the SQL statement; if the SQL statement contains an SQL injection attack, recording the corresponding attack information and prohibiting execution of the SQL statement, and if it does not, executing the SQL statement.
Fig. 3 is a flowchart of a specific method for detecting SQL injection attacks disclosed in this application. Referring to Fig. 3, the method comprises: intercepting the SQL statement to be executed and then parsing it; when the parsed SQL statement meets the preset complex-statement condition, decomposing it into a plurality of decomposed SQL statements and checking each of them to determine whether a malicious SQL statement, that is, a statement carrying an SQL injection attack, is present; if there is no malicious SQL statement, executing the SQL statement to be executed; and if there is a malicious SQL statement, recording the corresponding attack information and prohibiting execution of the corresponding SQL statement, where the attack information includes, but is not limited to, the malicious SQL statement, user information, and the like. The method therefore starts from inside the program and checks the SQL statement for SQL injection directly before it is executed, which solves the problem that the traditional detection method has difficulty detecting all attack situations.
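The in-program interception and attack-information recording of steps S21 to S23 (a hook in front of the database call that blocks a flagged statement before execution and records the logged-in user, the module that issued the statement and the statement itself, which a packet-capture approach cannot recover), as an added Python example that is not the patent's or DBAPPSecurity's code. It uses an in-memory sqlite3 database, wraps the connection's execute() as the stand-in for an AOP advice, and uses a deliberately small stand-in check (assumed MySQL-style comment markers and an "or a = a" tautology) where the full parser-based check would be plugged in; the user name, table, rows and the vulnerable lookup function are all constructed.

```python
import inspect
import re
import sqlite3
from dataclasses import dataclass
from typing import List

# Stand-in for the full parser-based check: comment markers (assumed MySQL
# forms) and an "or a = a" tautology, the patterns the patent names.
_COMMENT = re.compile(r"--|#|/\*")
_TAUTOLOGY = re.compile(r"\bor\s+('?\w+'?)\s*=\s*\1(?!\w)", re.IGNORECASE)


def injection_reason(sql):
    """Return why a statement is treated as an injection, or None if clean."""
    if _COMMENT.search(sql):
        return "comment marker"
    if _TAUTOLOGY.search(sql):
        return "tautology in condition"
    return None


@dataclass
class AttackRecord:
    user: str        # logged-in user on whose behalf the statement was issued
    module: str      # code location (the "attacked module") that issued it
    statement: str   # the SQL statement that was blocked
    reason: str


class InjectionBlocked(Exception):
    """Raised instead of executing a statement that failed the check."""


class GuardedConnection:
    """Wraps a DB-API connection so every execute() passes through the guard
    before reaching the database: the in-process equivalent of an AOP advice
    around the data-access layer."""

    def __init__(self, conn, current_user):
        self._conn = conn
        self.current_user = current_user   # assumed to come from the app session
        self.attack_log: List[AttackRecord] = []

    def execute(self, sql, params=()):
        reason = injection_reason(sql)
        if reason is not None:
            frame = inspect.currentframe().f_back       # the function that called us
            module = frame.f_code.co_name if frame else "<unknown>"
            self.attack_log.append(AttackRecord(self.current_user, module, sql, reason))
            raise InjectionBlocked(f"{reason}: {sql}")
        return self._conn.execute(sql, params)


def build_demo_connection(user="alice"):
    """In-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, active INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", 1), (2, "bob", 0)])
    return GuardedConnection(conn, current_user=user)


def find_active_user(guard, name):
    """Constructed vulnerable data-access function: it concatenates `name`
    into the statement, which is exactly the situation the guard must catch."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND active = 1"
    return guard.execute(sql).fetchall()


def run_demo():
    """Returns (rows of a normal lookup, whether the injected lookup was
    blocked, the recorded attack information)."""
    guard = build_demo_connection()
    rows = find_active_user(guard, "alice")
    try:
        find_active_user(guard, "' OR 1=1 -- ")
        blocked = False
    except InjectionBlocked:
        blocked = True
    return rows, blocked, guard.attack_log


if __name__ == "__main__":
    rows, blocked, log = run_demo()
    print(rows, blocked)
    for record in log:
        print(record)
```

The guard only ever sees the statement text handed to the driver: code that binds values with parameters presents the unchanged template, so nothing is flagged and nothing is lost, which is why this kind of hook complements parameterised queries rather than replacing them. The record it writes (user, issuing function, statement, reason) is the attack information the patent says a packet-level detector cannot assemble.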
Correspondingly, an embodiment of the present application further discloses an apparatus for detecting SQL injection attacks, shown in Fig. 4, which includes:
an SQL statement interception module 11, configured to intercept an SQL statement to be executed and parse the intercepted SQL statement;
specifically, the SQL statement to be executed is intercepted and the intercepted SQL statement is then parsed to obtain the parsed SQL statement;
an SQL injection attack judgment module 12, configured to check the parsed SQL statement and judge according to the check result whether an SQL injection attack exists in the SQL statement;
it should be noted that checking the parsed SQL statement specifically includes: judging whether the parsed SQL statement is a target SQL statement and, if not, checking the parsed SQL statement directly, where the target SQL statement is a statement that meets a preset complex-statement condition; and if the parsed SQL statement is the target SQL statement, decomposing the target SQL statement into a plurality of decomposed SQL statements and checking each of them. The preset complex-statement condition includes, but is not limited to, the target SQL statement containing a sub-query.
Decomposing the target SQL statement into a plurality of decomposed SQL statements may specifically include: identifying the parentheses in the target SQL statement by top-down analysis, and splitting the target SQL statement at the identified parentheses to obtain the plurality of decomposed SQL statements. It should be noted that after the target SQL statement has been split at the identified parentheses into a plurality of decomposed SQL statements, the method further includes: identifying target keywords in the target SQL statement by top-down analysis and, after the target SQL statement has been decomposed, judging on the basis of the target keywords whether each decomposed SQL statement is an independent and complete SQL statement. The target keywords include, but are not limited to, DDL (data definition language) and DML (data manipulation language) keywords such as select, update, delete, alter, drop, create and truncate.
In a specific embodiment, judging according to the check result whether the SQL statement contains an SQL injection attack specifically includes: judging whether comment characters such as '-', '#' and '/' appear in the SQL statement; judging whether the WHERE condition contains a tautological comparison such as "or a = a"; and judging whether a SELECT query contains DELETE, UPDATE or other DML statements.
An SQL statement blocking module 13, configured to prohibit execution of the SQL statement if an SQL injection attack exists in it;
it should be noted that if an SQL injection attack exists in the SQL statement, execution of the SQL statement is prohibited.
An SQL statement execution module 14, configured to execute the SQL statement if no SQL injection attack exists in it.
If no SQL injection attack exists in the SQL statement, the SQL statement is executed. This solves the problem that the traditional detection method has difficulty detecting all attack situations.
Thus, the present application provides a method for detecting SQL injection attacks which comprises: intercepting an SQL statement to be executed and parsing the intercepted SQL statement; checking the parsed SQL statement and judging according to the check result whether an SQL injection attack exists in the SQL statement; if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it. The method therefore starts from inside the program and checks the SQL statement for SQL injection directly before it is executed, which solves the problem that the traditional detection method has difficulty detecting all attack situations.
In some specific embodiments, the SQL statement interception module 11 specifically includes:
an SQL statement interception unit, configured to intercept the SQL statement to be executed by means of aspect-oriented programming and parse the intercepted SQL statement with a parser.
In some specific embodiments, the SQL injection attack judgment module 12 specifically includes:
an SQL statement checking unit, configured to judge whether the parsed SQL statement is a target SQL statement and, if not, check the parsed SQL statement directly; the target SQL statement is a statement that meets a preset complex-statement condition.
In some specific embodiments, after the SQL statement checking unit, the following is further included:
an SQL statement decomposition unit, configured to decompose the target SQL statement into a plurality of decomposed SQL statements and check each of them if the parsed SQL statement is the target SQL statement.
In some specific embodiments, the SQL statement decomposition unit may specifically be configured to:
identify the parentheses in the target SQL statement by top-down analysis, and split the target SQL statement at the identified parentheses to obtain the plurality of decomposed SQL statements.
In some specific embodiments, the apparatus for detecting an SQL injection attack may further include:
a target keyword identification module, configured to identify target keywords in the target SQL statement by top-down analysis and, after the target SQL statement has been decomposed, judge on the basis of the target keywords whether each decomposed SQL statement is an independent and complete SQL statement.
In some specific embodiments, the SQL statement blocking module 13 may specifically include:
an SQL statement blocking unit, configured to record the corresponding attack information and prohibit execution of the SQL statement if an SQL injection attack exists in it.
Furthermore, an embodiment of the present application also provides an electronic device. Fig. 5 is a block diagram of an electronic device 20 according to an exemplary embodiment, and its contents should not be construed as limiting the scope of use of the present application in any way.
Fig. 5 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a display 23, an input/output interface 24, a communication interface 25, a power supply 26 and a communication bus 27. The memory 22 is adapted to store a computer program which, when loaded and executed by the processor 21, implements the following steps:
intercepting an SQL statement to be executed and parsing the intercepted SQL statement;
checking the parsed SQL statement and judging according to the check result whether an SQL injection attack exists in the SQL statement;
if the SQL statement contains an SQL injection attack, prohibiting its execution, and if it does not, executing it.
In some embodiments, the processor, by executing the computer program stored in the memory, may specifically implement the following step:
intercepting the SQL statement to be executed by means of aspect-oriented programming, and parsing the intercepted SQL statement with a parser.
In some embodiments, the processor, by executing the computer program stored in the memory, may specifically implement the following step:
judging whether the parsed SQL statement is a target SQL statement and, if not, checking the parsed SQL statement directly; the target SQL statement is a statement that meets a preset complex-statement condition.
In some embodiments, the processor, by executing the computer program stored in the memory, further implements the following step:
if the parsed SQL statement is the target SQL statement, decomposing the target SQL statement into a plurality of decomposed SQL statements and checking each of them.
In some embodiments, the processor, by executing the computer program stored in the memory, may specifically implement the following step:
identifying the parentheses in the target SQL statement by top-down analysis, and splitting the target SQL statement at the identified parentheses to obtain the plurality of decomposed SQL statements.
In some embodiments, the processor, by executing the computer program stored in the memory, may further implement the following step:
identifying target keywords in the target SQL statement by top-down analysis and, after the target SQL statement has been decomposed, judging on the basis of the target keywords whether each decomposed SQL statement is an independent and complete SQL statement.
In some embodiments, the processor, by executing the computer program stored in the memory, may specifically implement the following step:
if the SQL statement contains an SQL injection attack, recording the corresponding attack information and prohibiting execution of the SQL statement.
In this embodiment, the power supply 26 is used for providing an operating voltage for each hardware device on the electronic device 20; the communication interface 25 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol followed by the communication interface is any communication protocol that can be applied to the technical solution of the present application, and is not specifically limited herein; the input/output interface 24 is configured to acquire external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the memory 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc., and the resource stored thereon may include the computer program 221, and the storage manner may be a transient storage or a permanent storage. The computer program 221 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the detection method of SQL injection attacks executed by the electronic device 20 disclosed in any of the foregoing embodiments.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program; wherein, the computer program realizes the detection method of SQL injection attack disclosed in the foregoing when being executed by a processor.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments in the present application are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts among the embodiments may be referred to each other. Since the apparatus disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is brief, and for the relevant parts reference is made to the method part.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
The method, the apparatus, the device, and the storage medium for detecting an SQL injection attack provided by the present application are introduced in detail, and specific examples are applied herein to explain the principles and implementations of the present application, and the descriptions of the above embodiments are only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A method for detecting an SQL injection attack, characterized by comprising the following steps:
intercepting an SQL (structured query language) statement to be executed, and analyzing the intercepted SQL statement;
checking the analyzed SQL statement, and judging whether SQL injection attack exists in the SQL statement according to a checking result;
if the SQL statement has the SQL injection attack, the SQL statement is forbidden to be executed, and if the SQL statement does not have the SQL injection attack, the SQL statement is executed.
2. The method for detecting an SQL injection attack according to claim 1, wherein the intercepting an SQL statement to be executed and analyzing the intercepted SQL statement comprises:
intercepting the SQL statement to be executed based on aspect-oriented programming, and analyzing the intercepted SQL statement by using a parser.
3. The method for detecting an SQL injection attack according to claim 1, wherein the verifying the parsed SQL statement comprises:
judging whether the analyzed SQL statement is a target SQL statement or not, and if not, directly checking the analyzed SQL statement; and the target SQL statement is a statement which meets the judgment condition of a preset complex statement.
4. The method for detecting an SQL injection attack according to claim 3, wherein after determining whether the parsed SQL statement is a target SQL statement, the method further comprises:
and if the analyzed SQL statement is the target SQL statement, disassembling the target SQL statement to obtain a plurality of disassembled SQL statements, and verifying each disassembled SQL statement.
5. The method for detecting the SQL injection attack according to claim 4, wherein the disassembling the target SQL statement to obtain a plurality of disassembled SQL statements comprises:
identifying parentheses in the target SQL statement based on a top-down analysis mode, and disassembling the target SQL statement at the identified parentheses to obtain a plurality of disassembled SQL statements.
6. The method of detecting an SQL injection attack according to claim 5, further comprising:
and identifying a target keyword in the target SQL statement based on a top-down analysis mode, and after the target SQL statement is disassembled, judging whether each disassembled SQL statement is an independent and complete SQL statement based on the target keyword.
7. The method for detecting the SQL injection attack according to any one of the claims 1 to 6, wherein the prohibiting the SQL statement from being executed if the SQL injection attack exists in the SQL statement comprises:
and if the SQL statement has the SQL injection attack, recording corresponding attack information, and forbidding to execute the SQL statement.
8. A detection apparatus for SQL injection attacks, comprising:
the SQL statement interception module is used for intercepting an SQL statement to be executed and analyzing the intercepted SQL statement;
the SQL injection attack judging module is used for verifying the analyzed SQL statement and judging whether an SQL injection attack exists in the SQL statement according to a verification result;
the SQL statement blocking module is used for forbidding to execute the SQL statement if the SQL injection attack exists in the SQL statement;
and the SQL statement execution module is used for executing the SQL statement if the SQL injection attack does not exist in the SQL statement.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the method of detection of an SQL injection attack according to any of the claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the method of detection of an SQL injection attack according to any one of claims 1 to 7.
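The pipeline of claims 1 to 7 (intercept, parse, split a complex statement at its parentheses, keep only fragments that open with a statement keyword, verify each fragment, then log and refuse execution on a hit) as an added Python sketch; this is not code from the patent or its assignee. The patent does not disclose its complex-statement condition, its keyword set or its verification criteria, so the ones used here (parentheses as the condition, four statement keywords, four regular-expression rules) are constructed assumptions, and the decorator stands in for the aspect-oriented interception point of claim 2.

```python
import re

# Constructed for this example: keywords marking an independent, complete SQL statement
# (claim 6's "target keyword"); the patent does not list its own set.
STATEMENT_KEYWORDS = ("SELECT", "INSERT", "UPDATE", "DELETE")
# Constructed verification rules; the patent does not disclose its check criteria.
INJECTION_RULES = [
    ("tautology", re.compile(r"\bOR\b\s+('?\w+'?)\s*=\s*\1", re.I)),
    ("stacked_statement", re.compile(r";\s*(DROP|DELETE|UPDATE|INSERT|EXEC)\b", re.I)),
    ("comment_truncation", re.compile(r"--|/\*")),
    ("union_select", re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I)),
]
ATTACK_LOG = []  # claim 7: attack information is recorded before execution is refused

def split_by_parentheses(sql):
    # Claim 5: one top-down scan that yields every parenthesised sub-expression.
    parts, stack = [], []
    for i, ch in enumerate(sql):
        if ch == "(":
            stack.append(i)
        elif ch == ")" and stack:
            parts.append(sql[stack.pop() + 1:i])
    return parts

def is_complete_statement(fragment):
    # Claim 6: a fragment is an independent statement only if it opens with a statement keyword.
    tokens = fragment.strip().split(None, 1)
    return bool(tokens) and tokens[0].upper() in STATEMENT_KEYWORDS

def detect_injection(sql):
    # Returns {fragment: [rule names]} for each fragment that trips a rule; empty dict if clean.
    fragments = [sql]  # a simple statement is checked directly (claim 3)
    if "(" in sql:  # claim 3's complex-statement condition, assumed here to be "has parentheses"
        fragments += [f for f in split_by_parentheses(sql) if is_complete_statement(f)]
    hits = {}
    for frag in fragments:
        tripped = [name for name, rx in INJECTION_RULES if rx.search(frag)]
        if tripped:
            hits[frag] = tripped
    return hits

def guard(execute):
    # Decorator standing in for the claim-2 aspect-oriented interception point.
    def wrapper(sql, *args, **kwargs):
        hits = detect_injection(sql)
        if hits:
            ATTACK_LOG.append({"sql": sql, "hits": hits})
            raise PermissionError("SQL injection suspected; statement not executed")
        return execute(sql, *args, **kwargs)
    return wrapper
```

The rules are deliberately crude: the union rule also fires on a legitimate UNION query and the comment rule on a string literal containing `--`, so a deployment would tune them against the application's real statement set.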

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211121562.2A CN115510437A (en) 2022-09-15 2022-09-15 Method, device, equipment and medium for detecting SQL injection attack

Publications (1)

Publication Number Publication Date
CN115510437A true CN115510437A (en) 2022-12-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination