Journal article

Research on second-order SQL injection techniques (新型二阶SQL注入技术研究)
Cited by: 13
Abstract: In the environment of new Web technologies, three new second-order SQL injection techniques are proposed: second-order blind SQL injection, second-order SQL injection against the operating system, and client-side second-order SQL injection. Experimental tests show that the three proposed kinds of second-order SQL injection vulnerability are widespread in Web applications, and that the three new second-order injection techniques can mount effective attacks against both servers and clients.
Source: Journal on Communications (通信学报), 2015, Supplement 1, pp. 85-93 (9 pages). Indexed in EI, CSCD and the Peking University Core Journals list.
Funding: National Natural Science Foundation of China (61202440, 61170124); Fujian Province IoT Cloud Computing Platform Construction Fund (2013H2002).
Keywords: SQL; second-order SQL injection; blind injection; attack payload