Method and device for detecting SSRF vulnerabilities
A detection method applied in computer security devices, instruments, computing, etc., which can solve problems such as the inability to detect SSRF vulnerabilities.
Active Publication Date: 2020-01-17
上海安恒时代信息技术有限公司
Problems solved by technology
[0004] In view of this, the object of the present invention is to provide a method and device for detecting SSRF vulnerabilities, so as to alleviate the technical problem that SSRF vulnerabilities cannot be detected in the prior art.
Embodiment 1
[0052] A detection method for SSRF vulnerabilities, referring to Figure 1, applied to the user terminal. The method includes:
[0053] S101. Obtain a vulnerability query request, wherein the vulnerability query request includes: the URL link to be detected, a random character string corresponding to the URL link to be detected, and the domain name of the public network server;
[0054] In the embodiment of the present invention, the SSRF vulnerability detection method is specifically a detection method executed by SSRF vulnerability detection software. To use the SSRF vulnerability detection software, the user installs it on his or her own computer. After the installation is complete, the user inputs the URL link to be detected (that is, the webpage entry to be detected), or enters a site such as baidu.com. The SSRF vulnerability detection software has a built-in crawler and crawls all URL links to be detected on baidu.com through...
Embodiment 2
[0107] A detection device for SSRF vulnerabilities, referring to Figure 4, applied to a user terminal. The device includes:
[0108] The obtaining module 11 is used to obtain a vulnerability query request, wherein the vulnerability query request includes: the URL link to be detected, a random character string corresponding to the URL link to be detected, and the domain name of the public network server;
[0109] The first sending module 12 is used to send a vulnerability query request to the server corresponding to the URL link to be detected, and when an SSRF vulnerability is found, obtain a vulnerability query result, wherein the vulnerability query result is recorded in the public network server;
[0110] The second sending module 13 is used to send a secret key query request to the verification port of the public network server, so as to query whether there is a vulnerability query result in the public network server, wherein the secret key query request is generated according to...
Abstract
The present invention provides a method and device for detecting SSRF vulnerabilities. The detection method includes: obtaining a vulnerability query request; sending the vulnerability query request to the server corresponding to the URL link to be detected, and obtaining a vulnerability query result when an SSRF vulnerability is found; sending a secret key query request to the verification port of the public network server to query whether there is a vulnerability query result in the public network server; and, if the result returned by the public network server in response to the secret key query request is the first preset result, determining that the URL link to be detected has an SSRF vulnerability. The present invention proposes a method for detecting SSRF vulnerabilities, which can detect whether there are SSRF vulnerabilities in the URL links to be detected, and alleviates the technical problem that SSRF vulnerabilities cannot be detected in the prior art.
Description
Technical field
[0001] The invention relates to the technical field of web page security detection, in particular to a method and device for detecting SSRF vulnerabilities.
Background
[0002] The SSRF (Server-Side Request Forgery) vulnerability is a new type of web application vulnerability. It is different from the CSRF (Cross-Site Request Forgery) vulnerability: it uses the server to send requests to other internal and external servers. This kind of vulnerability occurs when a web application needs to obtain data from other servers through a client-specified URL, for example when sharing webpage content through a URL address, loading or downloading remote pictures, or providing transcoding services, online translation and other functions. When the functions provided by the web application do not impose strict restrictions on the submitted URL parameter values, such as request protocol restrictions, internal and external access restrictions, etc., attackers are likely to take advantage of ...
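Added example (not part of the patent text or the applicant's software): the out-of-band check from the abstract, run offline against a simulated web application with and without the URL restrictions named in the background section. The domain names, the in-memory PublicServer class, and the way the random string is carried in the URL path and looked up at verification are assumptions; the page does not show how the secret key query request is built.

```python
import secrets
from urllib.parse import urlparse

PUBLIC_DOMAIN = "oob.example.test"       # assumed domain of the public network server
ALLOWED_HOSTS = {"images.example.test"}  # constructed allowlist for the restricted app


class PublicServer:
    """In-memory stand-in for the public network server; no real traffic is sent."""

    def __init__(self):
        self._seen = set()

    def receive(self, url):
        # Record the random string carried in the path of an incoming request.
        self._seen.add(urlparse(url).path.lstrip("/"))

    def verify(self, token):
        # Stand-in for the query to the verification port (assumed: lookup by random string).
        return token in self._seen


def make_app(public, restrict):
    """Simulated web app that fetches a client-specified URL on the server side."""
    def fetch(url):
        parts = urlparse(url)
        # Protocol restriction plus a host allowlist, applied only when restrict=True.
        if restrict and (parts.scheme not in ("http", "https")
                         or parts.hostname not in ALLOWED_HOSTS):
            return "rejected"
        if parts.hostname == PUBLIC_DOMAIN:
            public.receive(url)  # the server-side request reaches the public server
        return "fetched"
    return fetch


def detect_ssrf(app, public):
    """Submit a probe URL tagged with a random string, then check for the callback."""
    token = secrets.token_hex(8)
    app(f"http://{PUBLIC_DOMAIN}/{token}")
    return public.verify(token)


if __name__ == "__main__":
    server = PublicServer()
    print("unrestricted app:", detect_ssrf(make_app(server, restrict=False), server))
    print("restricted app:  ", detect_ssrf(make_app(server, restrict=True), server))
```

A positive result here shows that the application made a server-side request to a client-specified host; the random string ties that recorded request to the specific URL link that was probed.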