
Research On Dynamic And Static Analysis Of Second-order SQL Injection

Posted on: 2018-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
Full Text: PDF
GTID: 2348330536974687
Subject: Engineering
Abstract/Summary:
Second-order SQL injection is a new type of vulnerability that exists widely in Web applications and has gradually become an entry point for cyber attacks. Like traditional SQL injection, second-order SQL injection can cause information leakage, command execution and Trojan uploading, so it is a serious threat to the security of the target system. Because of its multi-stage and implicit reading/writing characteristics, effective detection methods are lacking. It is therefore important to propose a specific detection method before an attack occurs.

Based on an analysis of the characteristics of second-order SQL injection and of the existing detection methods, and combining static and dynamic analysis, this paper proposes two detection methods: one combining static taint analysis with fuzz testing, and one combining dynamic taint analysis with lexical analysis. Furthermore, the prototypes STS and DTS are implemented. The main research work of this paper includes the following:

1. First, the principle of second-order SQL injection is analyzed. Then the existing defense technologies are described and their shortcomings are analyzed. On this basis, three characteristics relevant to vulnerability detection are summarized: taint propagation, multi-stage execution and implicit reading/writing.

2. A detection method combining static taint analysis with fuzz testing is proposed. For the taint propagation characteristic, data-flow-based taint analysis is used. For the multi-stage characteristic, detection of persistent storage is introduced. For the implicit reading/writing characteristic, dynamic analysis is used to obtain metadata. Finally, fuzz testing is used to verify the suspected vulnerabilities. The experimental results show that the proposed method can effectively detect second-order SQL injection vulnerabilities in Web applications.

3. A method combining dynamic taint analysis with lexical analysis is presented. For the taint propagation characteristic, an improved dynamic taint analysis is used: the source code is instrumented, and test cases are compared with the parameter values reaching Sinks to detect taint propagation. To improve the coverage of the dynamic analysis, a lexical-analysis method for obtaining input points is introduced. Analysis of persistent storage and metadata is also introduced to increase accuracy. On the basis of lexical analysis, this paper proposes a further method that combines a Web spider to gather inputs. The experimental results show that the proposed method can find second-order SQL injection vulnerabilities in Web applications and merits further research.
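The instrumented Sink check described in point 3, as an added Python example that is not code from the thesis or its STS/DTS prototypes. The two-stage application, the canary test case, the SinkMonitor wrapper and the in-memory SQLite schema are all assumptions constructed for the demo; the vulnerable stage-2 handler is shown beside its parameterized fix.

```python
import sqlite3

# Constructed marker test case: if it reappears inside the SQL text at a Sink
# during a later request, input has propagated through persistent storage.
CANARY = "tntmark7"


class SinkMonitor:
    """Instrumentation around a DB connection: every SQL string reaching the
    execute() Sink is compared with the test case that entered in stage 1."""

    def __init__(self, conn):
        self.conn = conn
        self.findings = []  # SQL strings that carried the canary

    def execute(self, sql, params=()):
        if CANARY in sql:  # stored input spliced into the query text itself
            self.findings.append(sql)
        return self.conn.execute(sql, params)


def register(db, username):
    # Stage 1: the write is parameterized, so no first-order injection here.
    db.execute("INSERT INTO users(name) VALUES (?)", (username,))


def profile_vulnerable(db, user_id):
    # Stage 2: implicit read of the stored value, then string concatenation.
    name = db.execute("SELECT name FROM users WHERE id=?", (user_id,)).fetchone()[0]
    return db.execute("SELECT * FROM profiles WHERE owner='" + name + "'").fetchall()


def profile_fixed(db, user_id):
    # Hardened stage 2: the stored value travels as a bound parameter only.
    name = db.execute("SELECT name FROM users WHERE id=?", (user_id,)).fetchone()[0]
    return db.execute("SELECT * FROM profiles WHERE owner=?", (name,)).fetchall()


def run_detection(stage2):
    """Drive both stages with the canary and return the Sink findings."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE profiles(owner TEXT, bio TEXT)")
    db = SinkMonitor(conn)
    register(db, CANARY)  # test case enters through the stage-1 input point
    stage2(db, 1)         # a later request triggers the stage-2 read and query
    return db.findings


if __name__ == "__main__":
    print("vulnerable:", run_detection(profile_vulnerable))
    print("fixed:     ", run_detection(profile_fixed))
```

The parameterized variant never places the stored value in the SQL text, so the same canary comparison yields no finding for it.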
Keywords/Search Tags: Taint analysis, Second-order SQL injection, Dynamic and static, Source code instrumentation, Lattice