CN116471079A - LDAP injection vulnerability detection method and device - Google Patents


Publication number
CN116471079A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310406857.2A
Other languages
Chinese (zh)
Inventor
郑旭
刘加瑞
陈勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Huayun'an Technology Co ltd
Original Assignee
Anhui Huayun'an Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the present disclosure provide a method and a device for detecting LDAP injection vulnerabilities, applied to the technical field of network security. The method comprises: detecting, in real time, the parameters passed by a client when the client performs an LDAP query operation through a web page; and judging, according to the parameter detection result, whether to allow the LDAP query to continue executing. In this way, LDAP injection vulnerabilities can be detected quickly, efficiently and in real time.

Description

LDAP injection vulnerability detection method and device
Technical Field
The disclosure relates to the technical field of network security, in particular to an LDAP injection vulnerability detection method and device.
Background
With the widespread use of the internet, the number of web applications has exploded, and website security is continually challenged. LDAP injection is one of the security vulnerabilities found in web applications. Prior-art schemes detect LDAP injection vulnerabilities with crawler technology: they first check URL availability, then perform a second pass that loads injection-vulnerability payloads onto the available URLs, probe those URLs, and judge from the detection result whether an LDAP injection vulnerability exists.
This approach has poor timeliness: injection vulnerabilities cannot be detected and alerted on in real time, and detection efficiency is low, because vulnerability payloads are injected and tested repeatedly against every URL of a system.
Disclosure of Invention
The present disclosure provides a method, an apparatus, a device, and a storage medium for LDAP injection vulnerability detection.
According to a first aspect of the present disclosure, an LDAP injection vulnerability detection method is provided. The method comprises the following steps:
detecting, in real time, the parameters passed by the client when it performs an LDAP query operation through a web page;
and judging, according to the parameter detection result, whether to allow the LDAP query to continue executing.
In some implementations of the first aspect, detecting in real time the parameters passed by the client when it performs an LDAP query operation through the web page includes:
an LDAP injection vulnerability detection component detects, in real time, the parameters passed by the client when it performs an LDAP query operation through the web page;
the LDAP injection vulnerability detection component is installed and runs on the terminal device of the LDAP service.
In some implementations of the first aspect, the detected parameters include: the & and | keywords, built-in features, and injection type.
In some implementations of the first aspect, judging whether to allow the LDAP query to continue executing according to the parameter detection result includes:
for LDAP query syntax that does not contain the & or | keywords, allowing the LDAP query operation to execute;
for LDAP query syntax that contains the & or | keywords, judging whether an injection attack exists; if so, interrupting the LDAP query operation and recording a log.
In some implementations of the first aspect, judging whether an injection attack exists includes:
for LDAP query syntax containing the & operation, judging whether it contains both the built-in features of the user name and password and an AND injection attack;
for LDAP query syntax containing the | operation, judging whether it contains both the built-in features of the user name and password and an OR injection attack;
for LDAP query syntax containing both the & and | operations, first judging whether it contains both the built-in features of the user name and password and an AND injection attack, second judging whether it contains both the built-in features of the user name and password and an OR injection attack, and finally judging whether it contains the built-in features of the user name and password, an AND injection attack and an OR injection attack at the same time.
In some implementations of the first aspect, the method further includes:
the LDAP injection vulnerability detection component detects blind injection attacks by limiting traffic and/or request frequency, and directly interrupts the request response to the client when the request count or request frequency is too high, so that the LDAP query is not allowed to continue executing.
In some implementations of the first aspect, the method further includes:
if an injection attack exists, an alarm is sent to the client when the configuration calls for one.
According to a second aspect of the present disclosure, there is provided an LDAP injection vulnerability detection apparatus. The device comprises:
a parameter detection module, configured to detect, in real time, the parameters passed by the client when it performs an LDAP query operation through a web page;
and a judging module, configured to judge, according to the parameter detection result, whether to allow the LDAP query to continue executing.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described above.
According to a fourth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method as described above.
According to a fifth aspect of the present disclosure, the disclosed embodiments provide a computer program product comprising a computer program which, when executed by a processor, implements a method as described above.
In the present disclosure, the LDAP injection vulnerability detection component detects in real time the parameters passed by the client when it performs an LDAP query operation through the web page, judges from the parameter detection result whether to allow the LDAP query to continue executing, and detects blind injection attacks by limiting traffic and/or request frequency, so that LDAP injection vulnerabilities can be detected quickly, efficiently and in real time.
It should be understood that what is described in this summary is not intended to define key or essential features of the embodiments of the disclosure, nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 shows a flowchart of an LDAP injection vulnerability detection method provided by an embodiment of the present disclosure;
FIG. 2 is a block diagram of an LDAP injection vulnerability detection apparatus according to an embodiment of the present disclosure;
FIG. 3 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
To address the problems described in the background, the embodiments of the present disclosure provide a method and a device for detecting LDAP injection vulnerabilities. Specifically, the LDAP injection vulnerability detection component detects in real time the parameters passed by the client when it performs an LDAP query operation through the web page, judges from the parameter detection result whether to allow the LDAP query to continue executing, and detects blind injection attacks by limiting traffic and/or request frequency, so that LDAP injection vulnerabilities can be detected quickly, efficiently and in real time.
The method and the device for detecting LDAP injection vulnerabilities provided by the embodiments of the present disclosure are described in detail below through specific embodiments with reference to the accompanying drawings.
Fig. 1 shows a flowchart of an LDAP injection vulnerability detection method provided by an embodiment of the present disclosure, where the detection method 100 includes the following steps:
S110, detecting, in real time, the parameters passed by the client when it performs an LDAP query operation through the web page.
In some embodiments, the LDAP injection vulnerability detection component is installed and runs on a terminal device of the LDAP service. When a client performs an LDAP query operation through a web page, the detection component detects the parameters passed by the client in real time, which gives the LDAP injection vulnerability detection method of the present disclosure its timeliness. The detected parameters include: the & and | keywords, built-in features, and injection type.
S120, judging, according to the parameter detection result, whether to allow the LDAP query to continue executing.
In some embodiments, it is judged whether the parameter detection result contains a preset keyword; if so, it is judged whether an injection attack exists; if not, the LDAP query is allowed to continue.
Specifically, LDAP query syntax that does not contain the & or | keywords is allowed to execute; for LDAP query syntax that contains the & or | keywords, it is judged whether an injection attack exists, and if so, the LDAP query operation is interrupted and a log is recorded.
Further, judging whether an injection attack exists includes: for LDAP query syntax containing the & operation, judging whether it contains both the built-in features of the user name and password and an AND injection attack; for LDAP query syntax containing the | operation, judging whether it contains both the built-in features of the user name and password and an OR injection attack; for LDAP query syntax containing both the & and | operations, first judging whether it contains both the built-in features of the user name and password and an AND injection attack, second judging whether it contains both the built-in features of the user name and password and an OR injection attack, and finally judging whether it contains the built-in features of the user name and password, an AND injection attack and an OR injection attack at the same time.
Further, if an injection attack exists, an alarm is sent to the client when the configuration calls for one.
In some embodiments, the detection method 100 further comprises:
for blind injection attacks, the LDAP injection vulnerability detection component detects them by limiting traffic and/or limiting request frequency, and directly interrupts the request response to the client when the client's request count or request frequency is too high, so that the LDAP query is not allowed to continue executing.
According to the embodiments of the disclosure, the LDAP injection vulnerability detection component detects in real time the parameters passed by the client when it performs an LDAP query operation through the web page, judges from the parameter detection result whether to allow the LDAP query to continue executing, and detects blind injection attacks by limiting traffic and/or request frequency, so that LDAP injection vulnerabilities can be detected quickly, efficiently and in real time.
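The decision flow of S110/S120 together with the blind-injection frequency limit, as an added Python sketch that is not code from the patent. It assumes that the "built-in features of the user name and password" are the credential attribute names used by a login filter; `LdapQueryGuard`, `classify`, the attribute list, the thresholds and the sample requests are all hypothetical.

```python
import logging
import re
import time
from collections import defaultdict, deque
from typing import Mapping, NamedTuple, Optional

log = logging.getLogger("ldap_guard")

# Assumption: the "built-in features of the user name and password" are read
# here as the credential attributes a login filter uses (hypothetical list).
CREDENTIAL_ATTRS = ("uid", "cn", "sAMAccountName", "userPassword")
ATTR_ASSERTION = re.compile(
    r"\(\s*(?:%s)\s*[~<>]?=" % "|".join(map(re.escape, CREDENTIAL_ATTRS)),
    re.IGNORECASE,
)
AND_GROUP = re.compile(r"\(\s*&")   # value opens an AND filter group
OR_GROUP = re.compile(r"\(\s*\|")   # value opens an OR filter group


class Verdict(NamedTuple):
    allowed: bool
    reason: str                     # "ok", "injection" or "rate_limit"
    injection_type: Optional[str]   # "AND", "OR", "AND+OR" or None


def classify(value: str) -> Optional[str]:
    """Judge one client-supplied value that may contain & or |.

    A bare keyword (for example inside a password) is not an attack; the value
    is flagged only when the keyword comes with filter structure: an operator
    group or an assertion on a credential attribute.
    """
    structural = bool(ATTR_ASSERTION.search(value))
    kinds = []
    if "&" in value and (AND_GROUP.search(value) or structural):
        kinds.append("AND")
    if "|" in value and (OR_GROUP.search(value) or structural):
        kinds.append("OR")
    return "+".join(kinds) or None


class LdapQueryGuard:
    """Sits in front of the LDAP lookup and decides whether it may run."""

    def __init__(self, max_requests: int = 20, window_seconds: float = 10.0):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self._seen = defaultdict(deque)   # client id -> recent request times

    def _over_limit(self, client_id: str, now: float) -> bool:
        stamps = self._seen[client_id]
        while stamps and stamps[0] <= now - self.window_seconds:
            stamps.popleft()
        stamps.append(now)
        return len(stamps) > self.max_requests

    def check(self, client_id: str, params: Mapping[str, str],
              now: Optional[float] = None) -> Verdict:
        now = time.monotonic() if now is None else now
        # Blind injection needs many probes, so frequency is checked first.
        if self._over_limit(client_id, now):
            log.warning("blocked %s: request frequency too high", client_id)
            return Verdict(False, "rate_limit", None)
        for name, value in params.items():
            if "&" not in value and "|" not in value:
                continue   # no keyword: nothing to judge for this value
            kind = classify(value)
            if kind:
                # Log the parameter name only; the value may hold a password.
                log.warning("blocked %s: %s injection in %r", client_id, kind, name)
                return Verdict(False, "injection", kind)
        return Verdict(True, "ok", None)


# Constructed sample requests (client id, form parameters), not captured traffic.
SAMPLES = [
    ("10.0.0.5", {"user": "alice", "password": "correct horse"}),
    ("10.0.0.5", {"user": "alice", "password": "P&ssw0rd|1"}),
    ("10.0.0.9", {"user": "x)(|(uid=*", "password": "x"}),
]


def run_samples():
    guard = LdapQueryGuard()
    return [guard.check(cid, params, now=float(i))
            for i, (cid, params) in enumerate(SAMPLES)]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for verdict in run_samples():
        print(verdict)
```

Because the keyword gate passes any value without & or |, as the method describes, values made only of wildcards or extra assertions reach the directory unexamined and are covered solely by the frequency limit.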
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 2 shows a block diagram of an LDAP injection vulnerability detection apparatus provided in an embodiment of the present disclosure, where the detection apparatus 200 includes:
the parameter detection module 210 is configured to detect, in real time, the parameters passed by the client when it performs an LDAP query operation through a web page;
and the judging module 220 is configured to judge, according to the parameter detection result, whether to allow the LDAP query to continue executing.
In some embodiments, the parameter detection module 210 is specifically configured to:
when the client performs an LDAP query operation through the web page, detect in real time, by means of the LDAP injection vulnerability detection component installed on the terminal device of the LDAP service, the parameters passed by the client, wherein the detected parameters include: the & and | keywords, built-in features, and injection type.
In some embodiments, the judging module 220 is specifically configured to:
judge whether the parameter detection result contains a preset keyword; if so, judge whether an injection attack exists; if not, allow the LDAP query to continue.
Specifically, LDAP query syntax that does not contain the & or | keywords is allowed to execute;
for LDAP query syntax that contains the & or | keywords, it is judged whether an injection attack exists; if so, the LDAP query operation is interrupted and a log is recorded.
Wherein judging whether an injection attack exists comprises:
for LDAP query syntax containing the & operation, judging whether it contains both the built-in features of the user name and password and an AND injection attack;
for LDAP query syntax containing the | operation, judging whether it contains both the built-in features of the user name and password and an OR injection attack;
for LDAP query syntax containing both the & and | operations, first judging whether it contains both the built-in features of the user name and password and an AND injection attack, second judging whether it contains both the built-in features of the user name and password and an OR injection attack, and finally judging whether it contains the built-in features of the user name and password, an AND injection attack and an OR injection attack at the same time.
In some embodiments, the judging module 220 is further configured to:
if an injection attack exists, send an alarm to the client when the configuration calls for one.
In some embodiments, the detection apparatus 200 further comprises:
a blind injection detection and judging module, configured to detect blind injection attacks through the LDAP injection vulnerability detection component by limiting traffic and/or request frequency, and to directly interrupt the request response to the client when the client's request count or request frequency is too high, so that the LDAP query is not allowed to continue executing.
It can be appreciated that each module/unit in the detection apparatus 200 shown in fig. 2 has a function of implementing each step in the detection method 100 provided in the embodiment of the disclosure, and can achieve the corresponding technical effects, which are not described herein for brevity.
In the technical solution of the present disclosure, the acquisition, storage and use of any user personal information involved comply with the relevant laws and regulations and do not violate public order and good customs.
Fig. 3 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure. Electronic device 300 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic device 300 may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 3, the electronic device 300 includes a computing unit 301 that can perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 302 or a computer program loaded from a storage unit 308 into a Random Access Memory (RAM) 303. In the RAM303, various programs and data required for the operation of the electronic device 300 may also be stored. The computing unit 301, the ROM302, and the RAM303 are connected to each other by a bus 304. I/O interface 305 is also connected to bus 304.
Various components in the electronic device 300 are connected to the I/O interface 305, including: an input unit 306 such as a keyboard, a mouse, etc.; an output unit 307 such as various types of displays, speakers, and the like; a storage unit 308 such as a magnetic disk, an optical disk, or the like; and a communication unit 309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 309 allows the electronic device 300 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 301 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 301 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 301 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 308. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 300 via the ROM302 and/or the communication unit 309. One or more of the steps of the method 100 described above may be performed when the computer program is loaded into RAM303 and executed by the computing unit 301. Alternatively, in other embodiments, the computing unit 301 may be configured to perform the method 100 by any other suitable means (e.g. by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems-on-chips (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It should be noted that the present disclosure further provides a non-transitory computer readable storage medium storing computer instructions, where the computer instructions are configured to cause a computer to perform the method 100 and achieve corresponding technical effects achieved by performing the method according to the embodiments of the present disclosure, which are not described herein for brevity.
In addition, the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method 100.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: display means for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. An LDAP injection vulnerability detection method, comprising:
real-time detection is carried out on parameters transmitted when the client performs LDAP query operation through the web page;
and judging whether to allow the LDAP inquiry to be continuously executed or not according to the parameter detection result.
2. A method as defined in claim 1, wherein detecting parameters communicated by the client in performing an LDAP query operation over the web page in real-time comprises:
the LDAP injection vulnerability detection component detects parameters transmitted by the client side when the client side performs LDAP query operation through the web page in real time;
the LDAP injection vulnerability detection component is installed and operated on the terminal equipment of the LDAP service.
3. The method of claim 1, wherein the parameters include: and &, | keyword, built-in feature, injection type.
4. A method as defined in claim 3, wherein determining whether to allow continued execution of the LDAP query based on the parameter detection result comprises:
for LDAP query syntax that does not contain the &, | keywords, allowing the LDAP query operation to be executed;
for LDAP query syntax that contains the &, | keywords, judging whether an injection attack exists; if so, interrupting the LDAP query operation and recording a log.
5. The method of claim 4, wherein said determining whether an injection attack is present comprises:
for LDAP query syntax containing the & operation, judging whether the built-in features that simultaneously contain the user name and the password, and an AND injection attack, are present;
for LDAP query syntax containing the | operation, judging whether the built-in features that simultaneously contain the user name and the password, and an OR injection attack, are present;
for LDAP query syntax containing both the & and | operations, first judging whether the built-in features that simultaneously contain the user name and the password and an AND injection attack are present, second judging whether the built-in features that simultaneously contain the user name and the password and an OR injection attack are present, and finally judging whether the built-in features that simultaneously contain the user name and the password, the AND injection attack and the OR injection attack are all present.
6. The method according to claim 1, wherein the method further comprises: the LDAP injection vulnerability detection component detects blind injection attacks by limiting traffic and/or request frequency, and directly interrupts the request response of the client when the number of requests or the request frequency is too high, so that the LDAP query is not allowed to continue executing.
7. The method according to claim 4, wherein the method further comprises:
if an injection attack exists, sending an alarm to the client, depending on whether the configuration requires it.
8. An LDAP injection vulnerability detection apparatus, comprising:
the parameter detection module is used for detecting parameters transmitted by the client side in real time when the client side performs LDAP query operation through the web page;
and the judging module is used for judging whether the continuous execution of the LDAP inquiry is allowed or not according to the parameter detection result.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1-7.
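The decision flow of claims 4 to 6, written out as an added Python example that is not code from the patent. The names `classify` and `LdapGuard`, the two regular-expression signatures, and the threshold values are assumptions chosen for illustration; the claims do not specify how an AND or OR injection is recognised.

```python
import logging
import re
import time
from collections import defaultdict, deque

log = logging.getLogger("ldap_guard")

# Assumed signatures: an operator that opens a new filter component inside a value.
AND_INJECTION = re.compile(r"\(\s*&")
OR_INJECTION = re.compile(r"\(\s*\|")


def classify(params):
    """Return the set of injection types found in the submitted parameters."""
    found = set()
    for value in params.values():
        if "&" not in value and "|" not in value:
            continue  # claim 4: no &, | keyword, nothing to judge
        if AND_INJECTION.search(value):
            found.add("AND")
        if OR_INJECTION.search(value):
            found.add("OR")
    return found


class LdapGuard:
    """Decides whether an LDAP query built from web parameters may proceed."""

    def __init__(self, max_requests=5, window_seconds=10.0):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)  # client id -> request timestamps

    def allow(self, client, params, now=None):
        now = time.monotonic() if now is None else now
        seen = self.history[client]
        while seen and now - seen[0] > self.window:
            seen.popleft()  # drop timestamps that fell out of the window
        seen.append(now)
        if len(seen) > self.max_requests:  # claim 6: blind-injection throttle
            log.warning("blocked %s: request frequency too high", client)
            return False
        kinds = classify(params)
        if kinds:  # claim 4: interrupt the query and record a log
            log.warning("blocked %s: %s injection", client, "/".join(sorted(kinds)))
            return False
        return True
```

A value that merely contains `&` or `|` (for example in a password) passes the first gate but is only blocked if the second-stage judgement matches, which mirrors the two-step structure of claim 4.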
CN202310406857.2A 2023-04-11 2023-04-11 LDAP injection vulnerability detection method and device Pending CN116471079A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310406857.2A CN116471079A (en) 2023-04-11 2023-04-11 LDAP injection vulnerability detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310406857.2A CN116471079A (en) 2023-04-11 2023-04-11 LDAP injection vulnerability detection method and device

Publications (1)

Publication Number Publication Date
CN116471079A true CN116471079A (en) 2023-07-21

Family

ID=87178433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310406857.2A Pending CN116471079A (en) 2023-04-11 2023-04-11 LDAP injection vulnerability detection method and device

Country Status (1)

Country Link
CN (1) CN116471079A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination