Supercharge Your Innovation With Domain-Expert AI Agents!

Detection method and device of SQL (Structured Query Language) injection vulnerabilities

A detection method and vulnerability technology, applied in the field of information security, can solve problems such as lack of flexibility, inability to accurately detect 0day vulnerabilities, easy to miss unknown vulnerabilities, etc., and achieve the effect of improving network security

Active Publication Date: 2017-02-15
BEIJING QIHOO TECH CO LTD +1
View PDF5 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the existing vulnerability detection technology lacks flexibility. It can only detect known vulnerabilities, and it is easy to miss some unknown vulnerabilities. Vulnerabilities to be repaired), thereby putting the security of computer systems at risk

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and device of SQL (Structured Query Language) injection vulnerabilities
  • Detection method and device of SQL (Structured Query Language) injection vulnerabilities
  • Detection method and device of SQL (Structured Query Language) injection vulnerabilities

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0084] User request:

[0085] / sqli / ? id=qwdwqd'UNION ALL SELECT NULL,CONCAT(0x7178767a71,0x55506c6c486474696776746d4f4573737877764e504e595a6343645866494b625263656171594576,0x717171717876#&Submit=Submit)

[0086] Corresponding response features:

[0087] qxvzqUPllHdtigvtmOEssxwvNPNYZcCdXfIKbRceaqYEvqqqxq.

[0088] 具体的,语义分析过程中提取的用户请求中的目标特征,通过对目标特征即CONCAT函数CONCAT(0x7178767a71,0x55506c6c486474696776746d4f4573737877764e504e595a6343645866494b625263656171594576,0x7171717871)进行计算,得到计算结果为qxvzqUPllHdtigvtmOEssxwvNPNYZcCdXfIKbRceaqYEvqqqxq,然后检测该用户请求对应的响应页面, If the response page contains a response feature corresponding to the target feature, that is, qxvzqUPllHdtigvtmOEssxwvNPNYZcCdXfIKbRceaqYEvqqqxq, it is confirmed that there is a SQL injection vulnerability.

example 2

[0090] User request:

[0091] / ? question / search / %27%75nion%20select%201,2,3,4,5,6,7,8,md5(1122),10,11,12,13,14,15,16,17,18, 19,20%23

[0092] Corresponding response features:

[0093] 3b712de48137572f3849aabd5666a4e3

[0094] Specifically, the target feature in the user request extracted in the semantic analysis process is calculated by calculating the target feature, that is, the md5 function md5(1122), and the calculation result is 3b712de48137572f3849aabd5666a4e3, and then the response page corresponding to the user request is detected. If the page contains the response feature corresponding to the target feature, that is, 3b712de48137572f3849aabd5666a4e3, it is confirmed that there is a SQL injection vulnerability.

example 3

[0096] User request:

[0097] / information / oa_infordislist.asp? class=1UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,char(119)%2bchar(101)%2bchar(98)%2bchar(115)%2bchar(99)%2bchar(97)%2bchar( 110)%2bchar(58)%2bchar(105)%2bc har(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100),NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL—

[0098] Corresponding response features:

[0099] 'webscan:i;find'

[0100] Specifically, the target features in the user request extracted during the semantic analysis process are analyzed by comparing the target features, that is, multiple char functions char(119)% 2bchar(101)% 2bchar(98)% 2bchar(115)% 2bchar(99)% 2bchar(97)%2bchar(110)%2bchar(58)%2bchar(105)%2bchar(59)%2bchar(102)%2bchar(105)%2bchar(110)%2bchar(100) The calculation result is performed Character splicing, the calculation result obtained is 'webscan:i; find', and then the response page corresponding to the user request is detected, if the response page contains the respon...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a detection method and device of SQL (Structured Query Language) injection vulnerabilities. The method comprises the following steps of receiving a user request, and carrying out semantic analysis based on lexical analysis and grammatical analysis on the user request; in a semantic analysis process, carrying out a target characteristic extraction operation; and detecting a response page corresponding to the user request, and confirming that the SQL injection vulnerabilities are in the presence if the response page contains response characteristics corresponding to the target characteristic, wherein the response characteristics and the target characteristic have a logical relationship. The user request and the response page corresponding to the user request are subjected to characteristic matching to judge whether the response page has the response characteristics corresponding to the target characteristic of the user request to realize the detection of the injection vulnerabilities, known vulnerabilities can be detected, and the detection of unknown vulnerabilities can be quickly and accurately realized so as to be favorable for improving the network safety of a computer system.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method and device for detecting SQL injection vulnerabilities. Background technique [0002] Structured Query Language (SQL) injection vulnerability is a widely used and threatening Web attack technology. By guessing and verifying the SQL execution logic of the target system, an attack that can deceive the interpreter is constructed. payload, execute offensive commands or access unauthorized data. This attack method is highly concealed, and the attacked Web application system may leak or destroy sensitive information, causing a very serious impact on normal business. [0003] Existing detection of SQL injection vulnerabilities is mostly based on feature matching of HTTP requests. By matching the features of HTTP requests with a pre-constructed vulnerability signature database, if the matching is successful, it is determined that there is an SQL injection vulnerabi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55
CPCG06F21/554
Inventor 计东韩鹏
Owner BEIJING QIHOO TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com