A method and device for detecting sql injection vulnerabilities

Abstract

The invention discloses a method of detecting a SQL (Structured Query Language) injection vulnerability and a device for improving vulnerability detection accuracy and reducing operation load of a web application vulnerability scanning system in the case of detection. According to the method, whether a vulnerability exists or not is judged according to a similarity calculated by actual response time and expected delay time in an attach vector. Network influences on response time in near times are basically the same, when the similarity between the expected delay time and the actual response time is calculated, a similar variation range does not decisively influence the similarity calculation result, and accuracy of vulnerability existence judgment is not influenced. Thus, in different network conditions and different target environments, a time-based SQL injection vulnerability can be ensured to be quickly and accurately detected by a program, and thus, the operation load caused by SQL injection vulnerability judgment to the web application vulnerability scanning system can be effectively reduced.

Description

technical field [0001] The invention relates to network security technology, in particular to a method and device for detecting SQL injection loopholes. Background technique [0002] Structured Query Language (SQL) injection is a common vulnerability in web application security. In a web application with SQL injection, an attacker can take advantage of the code flaws of the web application to insert SQL commands into any application parameter values ​​that can affect database queries, tricking the server into executing the inserted malicious SQL commands, thereby obtaining the Sensitive information of a web application even controls the entire server of the web application. Therefore, it is necessary to design an effective SQL injection detection method to detect SQL injection vulnerabilities to prevent SQL injection attacks. [0003] In practical applications, the SQL injection detection method is also a SQL injection attack method, that is, the target server is attacked ...

AI Technical Summary

Problems solved by technology

[0006] 1) In the limited detection time, it is impossible to obtain a large amount of data to evaluate the current network situation;

[0007] 2) Without considering the time consumption, obtaining a large amount of data requires sending a large number of requests, which will put a lot of pressure on the target server site in the case of multiple concurrent scans, and consume more resources at the same time;

[0008] 3) Due to the instability of the network during the scanning process, it is impossible to design a reasonable and effective response time interval prediction algorithm;

[0009] 4) In order to ensure the accuracy of the scanning results, the delay function is used multiple times for judgment, and the single delay time is long, resulting in a long time-consuming overall scan;

[0010] 5) For the case where the database executes an integer multiple of the time described in the attack vector when executing an attack vector containing delay functions such as sleep() and delay(), the traditional judgment method based on the time interval will cause false positives;

[0011] 6) When using time-based SQL injection vulnerability detection using attack vectors that repeatedly execute characteristic expressions such as bannermark(), the time for executing a characteristic expression in different target environments is not fixed. Therefore, the traditional time interval-based Judgment method is prone to false positives

[0012] It can be seen that the existing time-based SQL injection vulnerability detection methods cannot quickly and accurately detect time-based SQL injection vulnerabilities

Moreover, false positives and false positives often occur when using existing detection methods, which seriously affects the overall detection performance of the web application vulnerability scanning system.

Images