No-echo SQL injection detection method based on DNS

Main authors: FAN YUAN, YING CHENWEI
Format: Patent
Language: chi; eng
Description
Abstract: The invention relates to a no-echo SQL injection detection method based on a DNS. The method comprises the following steps: sending an HTTP request with a detection load to a target website by an SQL injection scanner; after execution, initiating a DNS request for an authoritative DNS server; after parsing the DNS request by the authoritative DNS server, returning a response to the target website, and recording a parsing result in a log; and when the SQL injection scanner initiates a parsing record query request to the authoritative DNS server through the HTTP request, querying the log, and obtaining a detection result as to whether the website has SQL injection vulnerabilities according to whether a parsing record exists or not. According to the no-echo SQL injection detection method based on the DNS provided by the invention, the DNS parsing record with a special coding format is used for detecting no-echo SQL injection, which can accurately and quickly detect the vulnerabilities, reduce the detection time, imp