
Research On Second-order SQL Injection Technology And Detection Method

Posted on: 2019-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wei
GTID: 2428330542996929
Subject: Computer Science and Technology
Abstract/Summary:
With the emergence of Web 2.0 technology, web applications have developed rapidly in all walks of life. At the same time, they face increasingly complex security threats. Injection vulnerabilities are among the most important vulnerabilities affecting web application security, and SQL injection is the most widespread and most serious of them. An SQL injection attack typically occurs when an attacker attaches a constructed malicious statement to a normal HTTP request, and that statement is validated and parsed so that the injection is executed. SQL injection attacks can cause serious consequences such as sensitive information leakage and illegal access to web sites.

According to how the injection arises, this paper divides SQL injection into first-order and second-order SQL injection vulnerabilities. At present, prevention and detection methods for first-order SQL injection are mature, but there is no effective and accurate detection method for second-order SQL injection. Through in-depth study of SQL injection techniques and principles, and of the rules and characteristics of SQL injection vulnerabilities, this paper subdivides the first-order and second-order attack processes. In particular, the second-order SQL injection process can be abstracted into two steps: storage and retrieval. Building on the principle of the second-order SQL injection attack, and on the HTML5 client-side database, a new technology for accessing data locally, this paper finds a new second-order SQL injection vulnerability that arises from its offline update mechanism, called the second-order asynchronous SQL injection vulnerability.

A method combining static analysis and penetration testing is proposed to detect second-order SQL injection vulnerabilities, associating the two processes of a second-order SQL injection vulnerability through data-items. In the static analysis part, the static analysis module takes the program source code, creates data-items by means of preprocessing, program slicing, sensitive function matching and other measures, and finally obtains a set of suspicious data-item pairs and a set of suspicious paths through data-item submodule processing. In the penetration testing part, malformed test statements are generated from the malicious input rule base to test the suspicious paths and suspicious data-item pairs, and the web response is used to confirm whether a second-order SQL injection vulnerability exists. Six representative web applications were selected as experimental objects, and the detection method proposed in this paper was verified experimentally. Analysis of the experimental results shows that the detection method is effective and feasible.
Keywords/Search Tags: SQL injection, second-order SQL injection, static analysis, penetration testing
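The storage and retrieval steps described in the abstract, as an added example that is not taken from the thesis: a value is stored through a bound parameter (no first-order injection), then read back and concatenated into a second statement, shown beside the hardened form. The `users` table, the function names and the crafted user name are assumptions constructed for this illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    return db

def register(db, name, password):
    # Storage step: bound parameters store the value verbatim, so this
    # statement itself is not injectable.
    db.execute("INSERT INTO users (name, password) VALUES (?, ?)", (name, password))

def stored_name(db, login):
    # Retrieval step: the application reads the value back from its own table.
    row = db.execute("SELECT name FROM users WHERE name = ?", (login,)).fetchone()
    return row[0]

def change_password_vulnerable(db, login, new_password):
    # Flaw: data that came from the database is treated as trusted and
    # concatenated into the SQL text of a second statement.
    name = stored_name(db, login)
    db.execute("UPDATE users SET password = ? WHERE name = '" + name + "'",
               (new_password,))

def change_password_hardened(db, login, new_password):
    # Fix: stored data is bound as a parameter, exactly like request data.
    name = stored_name(db, login)
    db.execute("UPDATE users SET password = ? WHERE name = ?", (new_password, name))

def password_of(db, name):
    return db.execute("SELECT password FROM users WHERE name = ?",
                      (name,)).fetchone()[0]

def run(change_password):
    db = new_db()
    register(db, "admin", "admin-secret")
    crafted = "admin'--"          # constructed sample value for the demo
    register(db, crafted, "x")
    change_password(db, crafted, "changed")
    # Returns (password of the 'admin' row, password of the crafted row).
    return password_of(db, "admin"), password_of(db, crafted)

if __name__ == "__main__":
    print("vulnerable:", run(change_password_vulnerable))
    print("hardened:  ", run(change_password_hardened))
```

In the vulnerable run the `admin` row is modified even though the request concerned a different account; in the hardened run only the caller's own row changes. The storage and retrieval sites are linked only through the `users.name` column, which is the kind of association the data-item pairing in the abstract is meant to capture.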