Method and system for preventing structured query language (SQL) implantation

A technology for abstracting request parameters, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., which can solve problems such as low processing efficiency and achieve the effects of reducing requirements, improving security, and high processing efficiency.

Active Publication Date: 2015-11-11
FUJIAN TQ DIGITAL
Cites: 7 | Cited by: 13

AI-Extracted Technical Summary

Problems solved by technology

However, this patent application needs to judge and check...

Abstract

The present invention discloses a method and a system for preventing structured query language (SQL) injection. The method comprises the steps of: configuring a reverse proxy module and recording all request logs; performing SQL injection detection on the requests using an injection detection module, and recording the request parameters that have injection vulnerabilities; parsing the request parameters, extracting the corresponding parameter names, and generating a URL summary set; acquiring an attacker's SQL injection request to a URL; forwarding the SQL injection request from the reverse proxy module to an injection defense module; determining, by the injection defense module, whether the address of the SQL injection request is in the URL summary set; if so, replacing the parameter values and related keywords of the address of the SQL injection request in the injection defense module to obtain a secure request; and sending the secure request to the WEB site of the target server. By adopting the method and the system, the requirements on programmers can be reduced, the security of a website can be improved, and the website can be protected automatically without modification of its source code.

Technology Topic

Reverse proxy; Query language (+5)

Example Embodiment

[0028] In order to describe in detail the technical content, the achieved objectives and effects of the present invention, the following description will be given in conjunction with the embodiments and the accompanying drawings.
[0029] The key concept of the present invention is to obtain, through SQL injection detection, the request parameters that need to be defended, generate a URL summary set, analyze the SQL injections obtained, and process the parameter values or keywords so as to prevent SQL injection into the system.
[0030] Referring to figure 1, Embodiment 1 of the present invention provides a method for preventing SQL injection, including the following steps:
[0031] S1: Configure the reverse proxy module and record all request logs; for example the well-known nginx, whose logging function is used to record all request logs. Optionally, the reverse proxy module may also be, for example, IIS under the Windows system;
[0032] S2: Use the injection detection module to perform SQL injection detection on the request, and record the request parameters with injection vulnerabilities;
[0033] S3: Parse the request parameters, extract the corresponding parameter names, and generate a URL summary set;
[0034] S4: Obtain the attacker's SQL injection request to the URL;
[0035] S5: The reverse proxy module sends the SQL injection request to the injection defense module;
[0036] S6: The injection defense module judges whether the address of the SQL injection request is in the URL summary set;
[0037] If yes, perform step S7: the injection defense module replaces the parameter value and related keywords of the address of the SQL injection request to obtain a security request;
[0038] S8: Send the security request to the WEB site of the target server.
[0039] It should be understood that all request logs in step S1 are the request logs of a period of time, received in a real environment.
[0040] As shown in figure 2, on the basis of Embodiment 1, step S3 of Embodiment 2 of the present invention is specifically:
[0041] S31: Parse the request parameter and remove the parameter value;
[0042] S32: Generate a URL summary set containing only parameter names.
[0043] Wherein, after step S6, the method also includes:
[0044] If not, step S70 is executed: the injection defense module confirms that the request is a security request, and step S8 is executed.
[0045] Step S7 specifically comprises:
[0046] S71: Replace all the parameter values;
[0047] S72: According to the script replacement rule base, replace related keywords with regular expressions;
[0048] S73: Generate a security request.
[0049] In a specific embodiment, the following preparations can be made in advance before the defense:
[0050] Configure the reverse proxy module, for example the well-known nginx, and use its logging function. Other alternatives, such as IIS under the Windows system, can also record request logs. In this specific embodiment, nginx is used, because it is used in conjunction with sqlmap to record all request logs.
[0051] sqlmap is an automated SQL injection tool. Its main function is to scan for, find and exploit SQL injection vulnerabilities in a given URL. The databases currently supported are MS-SQL, MYSQL, ORACLE and POSTGRESQL. sqlmap uses four distinct SQL injection techniques, namely inferential blind SQL injection, UNION query SQL injection, stacked queries and time-based blind SQL injection. Its extensive functions and options include database fingerprinting, enumeration, database extraction, access to the target file system, and execution of arbitrary commands when full operating permissions are obtained. sqlmap is powerful; compared with conventional injection tools, sqlmap has a wider application range and better effect.
[0052] The sqlmap tool (i.e., the injection detection module) is used to perform SQL injection testing on the requests in the recorded log, and the injectable request parameters are recorded in the database.
[0053] Through the program, the recorded request parameters with injection vulnerabilities are parsed, and the names of the injected parameters are extracted to generate a URL summary collection. The parameter name is part of the request and corresponds to the parameter value.
[0054] For example, in the request http://abc.com/?id=1&name=abc, the parameter names are id and name, and the corresponding parameter values are 1 and abc. Preferably, the parameter values in the request are removed and a URL summary containing only the parameter names is generated, that is, http://abc.com/?id=&name=. The URL summary set is the sum of all recorded URL summaries.
[0055] It should be understood that, after the parameter values are excluded, it cannot be guaranteed that 100% of SQL injections are neutralized, but most attacks can be prevented.
[0056] Through the above methods, the defense has been prepared. Next, the defense process will be explained, specifically:
[0057] First, the nginx reverse proxy module obtains the attacker's SQL injection request to the URL and forwards the request to the SQL injection defense module. The SQL injection defense module determines whether the request address is in the URL summary set. If it is, the URL has an injection vulnerability and must be defended, so the next steps are performed; otherwise, the request is directly regarded as a safe request and forwarded to the web site of the target server.
[0058] When performing defense, the SQL injection defense module replaces each parameter value contained in the URL, obtains the script replacement rule base, and uses regular expressions to replace all related keywords. Related keywords include, but are not limited to: the single quote ('), the double hyphen (--), and SQL statement keywords such as select and from. After replacement, a security request is generated.
[0059] The replaced security request is forwarded to the target server web site, so that the attack is defended against.
[0060] For example, for the site http://abc.com/, the request GET http://abc.com/?id=1 is recorded in the nginx log. sqlmap detects a SQL injection vulnerability in its parameter id, for example by using the request http://abc.com/?id=1' waitfor delay 0:0:1-- for judgement: the preceding parameter is terminated with the single quote ', the delay operation waitfor delay 0:0:1 is executed, and the double hyphen -- then invalidates the rest of the statement. When the request http://abc.com/?id=1' waitfor delay 0:0:1-- is used and the page loads with a 1 second delay, the parameter id has a SQL injection vulnerability, and this URL and the injected parameter id are recorded in the database; otherwise, it is considered a safe request.
[0061] When the attacker injects using http://abc.com/?id=1' waitfor delay 0:0:1--, the automatic defense module matches the request against the URL summary set in the database to determine whether the URL has an injection problem. If it is present, the above script replacement rule base is called, and the ' and -- symbols in its parameter id are removed, so that the request becomes http://abc.com/?id=1 waitfor delay 0:0:1. This request is forwarded to the target server, and the attack is thereby automatically avoided.
[0062] In summary, the embodiment of the present invention generates the URL summary set, by eliminating parameter values, as the basis and preparation for defense; when a SQL injection vulnerability is determined, the script replacement rule base is applied and regular expressions are used to replace the URL parameter values to generate a security request, which is then sent to the target server, realizing the function of automatic defense. Therefore, the second embodiment of the present invention can reduce the requirements on programmers, improve the security of the website, and automatically defend the website without modifying the source code.
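The summary-set lookup and rule-based replacement of steps S3 and S6 to S8, as an added Python example that is not part of the patent or its implementation. The keyword rule base, the sorting of parameter names and the sample requests are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Script replacement rule base (assumed here: the patent names ', -- and SQL
# keywords such as select/from but does not list its full rule base).
KEYWORD_RULES = [
    (re.compile(r"'"), ""),                        # single quote
    (re.compile(r"--"), ""),                       # comment marker
    (re.compile(r"\b(select|from)\b", re.I), ""),  # SQL statement keywords
]


def url_summary(url: str) -> str:
    """Step S3: keep scheme, host, path and parameter names; drop the values.
    Names are sorted so parameter order cannot defeat the lookup (an
    assumption of this example; the patent text does not say either way)."""
    p = urlsplit(url)
    names = sorted(n for n, _ in parse_qsl(p.query, keep_blank_values=True))
    query = "&".join(f"{n}=" for n in names)
    return urlunsplit((p.scheme, p.netloc, p.path, query, ""))


def build_summary_set(vulnerable_requests) -> set:
    """Steps S2/S3: each request flagged by the detection module yields one summary."""
    return {url_summary(u) for u in vulnerable_requests}


def cleaned_params(url: str, summary_set: set) -> dict:
    """Steps S6/S7: if the request is in the summary set, run every parameter
    value through the rule base; otherwise (S70) leave the values untouched."""
    p = urlsplit(url)
    params = dict(parse_qsl(p.query, keep_blank_values=True))
    if url_summary(url) not in summary_set:
        return params
    for name, value in params.items():
        for pattern, repl in KEYWORD_RULES:
            value = pattern.sub(repl, value)
        params[name] = value
    return params


def defend(url: str, summary_set: set) -> str:
    """Step S8: rebuild the (possibly rewritten) request for the origin server."""
    p = urlsplit(url)
    query = urlencode(cleaned_params(url, summary_set))
    return urlunsplit((p.scheme, p.netloc, p.path, query, ""))


# Constructed sample data mirroring the patent's own example.
SUMMARY_SET = build_summary_set(["http://abc.com/?id=1"])
ATTACK = "http://abc.com/?id=1' waitfor delay 0:0:1--"
```

Note that the rewritten value still carries the residual text "1 waitfor delay 0:0:1", which is exactly the limitation paragraph [0055] acknowledges: the replacement strips delimiters, it does not validate the value.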
[0063] Further, as shown in figure 3, the third embodiment of the present invention provides a system 100 for preventing SQL injection, which includes an injection detection module 110, an injection defense module 120, and a target server 130, and further includes:
[0064] The reverse proxy module 140 is used to record all request logs;
[0065] The request parameter recording module 150 is configured to record the request parameters with injection vulnerabilities after SQL injection detection is performed on the request using the injection detection module;
[0066] The parsing and extracting module 160 is configured to parse the request parameters and extract the corresponding parameter names to generate a URL summary set;
[0067] The attack acquisition module 170 is used to acquire the SQL injection request of the attacker to the URL;
[0068] Wherein, the reverse proxy module 140 is also used to send the SQL injection request to the injection defense module;
[0069] The injection defense module 120 is used to determine whether the address of the SQL injection request is in the URL summary set;
[0070] If yes, the injection defense module 120 replaces the parameter value and related keywords of the address of the SQL injection request to obtain a security request;
[0071] The sending module 180 sends the security request to the WEB site of the target server.
[0072] As shown in figure 4, the parsing and extracting module 160 in the fourth embodiment of the present invention further includes:
[0073] The removal unit 161, configured to parse the request parameters and remove the parameter values;
[0074] The generating unit 162, configured to generate a URL summary set containing only parameter names.
[0075] Wherein, after the injection defense module 120 determines whether the address of the injection request is in the URL summary set, the system further performs:
[0076] If not, the injection defense module 120 confirms that the request is a security request;
[0077] And perform the step "send the security request to the target server WEB site".
[0078] Wherein, the injection defense module 120 further includes:
[0079] The parameter value replacement unit 121, used to replace all the parameter values;
[0080] The keyword replacement unit 122, used to replace related keywords with regular expressions according to the script replacement rule base;
[0081] The security request generating unit 123, configured to generate a security request.
[0082] The above are only embodiments of the present invention and do not limit the patent scope of the present invention. All equivalent transformations made using the content of the description and drawings of the present invention, whether applied directly or indirectly in related technical fields, are likewise included within the scope of patent protection of the present invention.