Design Of SQL Injection Deep Inspection Scanner

Posted on: 2016-10-04 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Z Wang
GTID: 2298330467988122 | Subject: Electronics and Communications Engineering
Abstract/Summary:
With the rapid development of Internet technology, the network has gradually become an indispensable part of people's daily lives. However, there are two sides to everything: while the network brings convenience, it also gives malicious attackers a large crime scene. "Cyber crime" is no longer strange or distant. Network security has become a major problem that cannot be ignored, and among its threats SQL injection vulnerabilities are nearly the most serious.

Based on research into SQL injection, this paper designs a dedicated scanner for deep inspection of SQL injection. The main stages of processing are as follows:

In the crawler module, this paper uses a multi-threaded crawler, which improves both scanning speed and scraping efficiency. The crawler is written in the Java programming language. Thread synchronization is implemented with the synchronized keyword to avoid conflicts among threads. At the end of the scan, the crawler module automatically writes its results to result.txt under the specified folder. The crawler also uses the Hashtable class to prevent pages from being scraped repeatedly.

In the deep detection module, this paper uses the sleep() and BENCHMARK() functions to test pages whose status is uncertain by means of a delay injection test. If a SQL injection exists, the response time of the web page will be delayed.

In the simulated attack module, this paper uses dictionary-based brute forcing, viewing and analysis of the error information in returned pages, or bit-by-bit guessing of the information of the tested system. On the one hand, the seriousness of a SQL injection vulnerability can be judged by a risk level; on the other hand, this module can help increase the security awareness of programmers.
Keywords/Search Tags: SQL injection, Vulnerability detection, Multi-threaded crawler, Deep inspection, Simulated attack