Supercharge Your Innovation With Domain-Expert AI Agents!

SQL injection vulnerability detection method and device

A vulnerability detection and vulnerability technology, which is used in computer security devices, special data processing applications, instruments, etc.

Inactive Publication Date: 2018-02-16
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
View PDF3 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] This application provides a SQL injection vulnerability detection method and detection device to solve the problem of automatic injection vulnerability testing of Web applications with verification technology

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SQL injection vulnerability detection method and device
  • SQL injection vulnerability detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The embodiment of the present invention provides a SQL injection vulnerability detection method, which can bypass the verification mechanism set in the Web server using the AntiCSRF verification technology, and realize the automatic execution of the injection vulnerability test.

[0028] In order to enable those skilled in the art to better understand the technical solutions in the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described The embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

[0029] figure 1 It is a flow chart of the SQL in...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an SQL injection vulnerability detection method and device. The detection method comprises the steps that a first query request comprising a first query string an verificationparameters is sent to a Web server; a first query response of the Web server is received; a second query request comprising a second query string and the verification parameters in the first query response is sent to the Web server; a second query response returned by the Web server is received, wherein one of the first query string and the second query string is a normal query string, and the other is an SQL injection vulnerability detection string; and whether an SQL injection vulnerability exists in a Web application is judged according to response data in the first query response and the second query response. During injection vulnerability detection, a verification comparison process set by the Web server can be broken by extracting the verification parameters in the query responses and adding the verification parameters into a subsequent query request, and SQL injection vulnerability detection of the Web application avoiding verification technology setting is realized.

Description

technical field [0001] The present application relates to the technical field of Web application security monitoring, in particular to a SQL injection vulnerability detection method and detection device. Background technique [0002] In order to prevent the application program adopted by the user from constructing dynamic SQL statements to execute illegal data query, it is necessary to test the SQL injection vulnerability of the web application. Due to the need for a large number of SQL statement tests, in order to reduce labor costs, the SQL injection vulnerability test uses automated detection tools for batch detection, and automatically judges whether the corresponding detection statements have loopholes. [0003] When performing injection vulnerability testing on some web applications that use the AntiCSRFToken verification technology, penetration test engineers can find SQL injection vulnerabilities during manual detection; while using automated detection tools to detec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55G06F21/57G06F17/30H04L29/06
CPCG06F16/90344G06F21/554G06F21/577H04L63/1433
Inventor 陈栋
Owner ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com