Penetration test method using blind SQL injection based on second-order fragment and reassembly

De-guang LE; Sheng-rong GONG; Shao-gang WU; Feng XU; Wen-sheng LIU

doi:10.11959/j.issn.1000-436x.2017238

您当前的位置：

首页 >

文章列表页 >

Penetration test method using blind SQL injection based on second-order fragment and reassembly

Papers | 更新时间：2024-06-05

- Penetration test method using blind SQL injection based on second-order fragment and reassembly
- Journal on Communications Vol. 38, Issue Z1, Pages: 73-82(2017)
- 作者机构：
  
  1. 常熟理工学院计算机科学与工程学院，江苏常熟 215500
  2. 苏州大学计算机科学与技术学院，江苏苏州 215006
  3. 中科梦兰电子科技有限公司，江苏常熟 215500
  4. 泉州市公安局公共信息网络安全监察支队，福建泉州 362000
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61402057);The Production and Research Prospective Joint Research Project of Jiangsu Province(BY2016050-01);The Jiangsu Provincial Natural Science Foundation of China(BK20160411)
- DOI：10.11959/j.issn.1000-436x.2017238
  CLC： TP393
- Online First：2017-10，
  
  Published：25 October 2017
- 稿件说明：
移动端阅览
De-guang LE, Sheng-rong GONG, Shao-gang WU, et al. Penetration test method using blind SQL injection based on second-order fragment and reassembly[J]. Journal on Communications, 2017, 38(Z1): 73-82.
DOI：

De-guang LE, Sheng-rong GONG, Shao-gang WU, et al. Penetration test method using blind SQL injection based on second-order fragment and reassembly[J]. Journal on Communications, 2017, 38(Z1): 73-82. DOI： 10.11959/j.issn.1000-436x.2017238.

摘要

针对如何克服当前SQL注入渗透测试存在的盲目性，以生成优化的SQL注入攻击模式、增强渗透测试攻击生成阶段的有效性，提高对SQL注入渗透测试的准确度问题，提出一种基于二阶分片重组的SQL盲注漏洞渗透测试方法。该方法通过对SQL注入攻击行为进行建模，并以模型驱动渗透测试多形态和多种类的攻击生成，从而降低SQL注入渗透测试盲目性，提高其准确度。通过实际的Web应用SQL注入漏洞测试实验与比较分析，不仅验证了所提方法的有效性，而且通过减少在安全防御环境下对 SQL 注入漏洞检测的漏报，提高其测试的准确度。

Abstract

How to get rid of the blindness of current SQL injection penetration test

produce the optimized attack pattern of SQL injection

enhance the effectiveness in the phase of attack generation

and improve the accuracy of vulnerability detection of SQL injection using penetration test

is a big challenge.In order to resolve these problems

a new penetration test method using blind SQL injection was proposed based on second-order fragment and reassembly.In this method

the SQL injection attack model was built firstly and then the multiform and multi-type attack patterns of SQL injection penetration test driven by the SQL injection attack model was produced

which can reduce the blindness of SQL injection penetration test and improve the accuracy of SQL injection vulnerability detection.The experiments of SQL injection vulnerability detection was conducted through the actual Web applications by using proposed method in comparison with current methods.The analysis results of test show the proposed method is better compared with other methods

which not only proves the effectiveness of proposed method

but also improve the accuracy of SQL injection vulnerability detection by reducing false negative in the defensive environment.

关键词

Keywords

references

OWASP . The ten most critical Web application security risks [S ] . OWASP Top 10 , 2017 .

ANTUNES N , VIEIRA M . Designing vulnerability testing tools for Web services:approach,components,and tools [J ] . International Journal of Information Security , 2017 , 16 ( 4 ): 435 - 457 .

ANTUNES N , VIEIRA M . Penetration testing for Web services [J ] . IEEE Computer , 2014 , 47 ( 2 ): 30 - 36 .

DEEPA G , THILAGAM P S . Securing Web applications from injection and logic vulnerabilities:approaches and challenges [J ] . Information and Software Technology , 2016 , 74 ( 6 ): 160 - 180 .

DALAI A K , JENA S K . Neutralizing SQL injection attack using server side code modification in Web applications [J ] . Security ＆Communication Networks , 2017 , 2017 ( 2 ): 1 - 12 .

乐德广 , 李鑫 , 龚声蓉 , 等 . 新型二阶 SQL 注入技术研究 [J ] . 通信学报 , 2015 , 36 ( Z1 ): 85 - 93 .

LE D G , LI X , GONG S R , et al . Research on second-order SQL injection techniques [J ] . Journal on Communications , 2015 , 36 ( Z1 ): 85 - 93 .

HALFOND W G J , CHOUDHARY S R , ORSO A . Improving penetration testing through static and dynamic analysis [J ] . Software Testing Verification ＆ Reliability , 2011 , 21 ( 3 ): 195 - 214 .

SALAS M I P , MARTINS E . A black-box approach to detect vulnerabilities in Web services using penetration testing [J ] . IEEE Latin America Transactions , 2015 , 13 ( 3 ): 707 - 712 .

CHEN J M , WU C L . An automated vulnerability scanner for injection attack based on injection point [C ] // IEEE International Computer Symposium (ICS) . 2010 : 113 - 118 .

ALENEZI M , JAVED Y . Open source Web application security:a static analysis approach [C ] // IEEE International Conference on Engineering ＆ MIS (ICEMIS) . 2016 : 1 - 5 .

KIM M Y , LEE D H . Data-mining based SQL injection attack detection using internal query trees [J ] . Expert Systems with Applications , 2014 , 41 ( 11 ): 5416 - 5430 .

JANG Y S , CHOI J Y . Detecting SQL injection attacks using query result size [J ] . Computers ＆ Security , 2014 , 44 ( 2 ): 104 - 118 .

KAR D , PANIGRAHI S , SUNDARARAJAN S . SQLiGoT:detecting SQL injection attacks using graph of tokens and SVM [J ] . Computers＆ Security , 2016 , 60 ( 3 ): 206 - 225 .

KIEZUN A , GUO P J , JAYARAMAN K , et al . Automatic creation of SQL Injection and cross-site scripting attacks [C ] // 31st IEEE International Conference on Software Engineering . 2009 : 199 - 209 .

HUANG H C , ZHANG Z K , CHENG H W , et al . Web application security:threats,counter measures,and pitfalls [J ] . IEEE Computer , 2017 , 50 ( 6 ): 81 - 85 .

DAHSE J , HOLZ T . Static detection of second-order vulnerabilities in Web applications [C ] // 23rd USENIX conference on Security Symposium (USENIX) . 2014 : 989 - 1003 .

YAN L , LI X H , FENG R T , et al . Detection method of the second-order SQL injection in Web applications [J ] . Lecture Notes in Computer Science , 2014 , 8332 ( 1 ): 154 - 165 .

MARBACK A , DO H , HE K , et al . A threat model-based approach to security testing [J ] . Software-Practice ＆ Experience , 2013 , 43 ( 2 ): 241 - 258 .

XIONG P L . A model-driven penetration test framework for Web applications [D ] . University of Ottawa , 2012 .

KAUR N , KAUR P . Modeling a SQL injection attack [C ] // 3rd IEEE International Conference on Computing for Sustainable Global Development (INDIACom) . 2016 : 77 - 82 .

BYERS D , SHAHMEHRI N . Unified modeling of attacks,vulnerabilities [C ] // ICSE Workshop on Software Engineering for Secure Systems (SESS) . 2010 : 36 - 42 .

田伟 , 许静 , 杨巨峰 , 等 . 模型驱动的Web应用SQL注入渗透测试 [J ] . 高技术通讯 , 2012 , 22 ( 11 ): 1161 - 1168 .

TIAN W , XU J , YANG J F , et al . Model-driven penetration test of the SQL injection in Web applications [J ] . Chinese High Technology Letters , 2012 , 22 ( 11 ): 1161 - 1168 .

VIBHANDIK R , BOSE A K . Vulnerability assessment of Web applications - a testing approach [C ] // 4th IEEE International Conference on e-Technologies and Networks for Development (ICeND) . 2015 : 1 - 6 .

LIBAN A , HILLES S M . Enhancing MySQL injector vulnerability checker tool (mysql injector) using inference binary search algorithm for blind timing-based attack [C ] // IEEE 5th Control and System Graduate Research Colloquium . 2014 : 47 - 52 .

DABAS A , SHARMA A K . Understanding advanced blind SQLI attack [J ] . International Journal of Engineering Research and General Science , 2015 , 3 ( 3 ): 1548 - 1552 .

HALFOND W , VIEGAS J , ORSO A . A Classification of SQLinjection attacks and countermeasures [C ] // International Symposium on Secure Software Engineering (ISSSE) . 2006 : 12 - 23 .

ANTUNES N , VIEIRA M . Defending against Web application vulnerabilities [J ] . IEEE Computer , 2012 , 45 ( 2 ): 66 - 72 .

Views

1672

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Privacy level evaluation of differential privacy for time series based on filtering theory

Approach to detecting SQL injection behaviors in network environment

Study on choosing the parameter ε in differential privacy

Related Author

Wen-jun XIONG

Zheng-quan XU

Hao WANG

Yu-fei ZHAO

Gang XIONG

Long-tao HE

Zhou-jun LI

Xian-mang HE

Related Institution

State Key Laboratory of Information Engineering in Surveying,Mapping and Remote Sensing,Wuhan University

Collaborative Innovation Center for Geospatial Technology,Wuhan University

School of Computer Science, Beihang University

Institute of Information Engineering, Chinese Academy of Sciences

National Computer Network Emergency Response Technical Team/Coordination Center of China

AI问答

⁰