Zhang Huilin,Ding Yu,Zhang Lihua,Duan Lei,Zhang Chao,Wei Tao,Li Guancheng,Han Xinhui

DOI: https://doi.org/10.7544/issn1000-1239.2016.20160443

2016-01-01

Abstract:SQL injection attacks are prevalent Web threats .Researchers have proposed many taint analysis solutions to defeat this type of attacks ,but few are efficient and practical to deploy .In this paper ,we propose a practical and accurate SQL injection prevention method by tainting trusted sensitive characters into extended UTF‐8 encodings .Unlike typical positive taint analysis solutions that taint all characters in hard‐coded strings written by the developer ,we only taint the trusted sensitive characters in these hard‐coded strings .Furthermore ,rather than modifying Web application interpreter to track taint information in extra memories ,we encode the taint metadata into the bytes of trusted sensitive characters ,by utilizing the characteristics of UTF‐8 encoding .Lastly ,we identify and escape untrusted sensitive characters in SQL statements to prevent SQL injection attacks ,without parsing the SQL statements .A prototype called PHPGate is implemented as an extension on the PHP Zend engine .The evaluation results show that PHPGate can protect Web applications from real world SQL injection attacks and introduce a low performance overhead (less than 1 .6% ) .

DING Xiang,QIU Yin,ZHENG Tao

DOI: https://doi.org/10.3969/j.issn.1000.3842.2011.11.052

2011-01-01

Abstract:The wide-spread use of PHP in Web application development makes PHP Web application become the target of many malicious attackers.On the basis of this,through the modification of PHP interpreter and runtime libraries,the PHP Web applications can prevent SQL injection attack without the modification of the original applications.Different from traditional preventing method based on dynamic tainting,this paper uses the tainting mechanism based on trusted input tainting and SQL dialect-aware check method,solves many existing problems of traditional preventing methods.As a result,this method improves the preciseness of traditional preventing method,without any false positives.Experimental result shows that the method is precise and highly efficient,has little overhead for the PHP Web applications.

Alex Zhu,Wei Qi Yan

DOI: https://doi.org/10.4018/ijdcf.2017100106

2017-01-01

International Journal of Digital Crime and Forensics

Abstract:SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack DDoS. The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

ZHOU Jing-Li,WANG Xiao-Feng,YU Sheng-Sheng,XIA Hong-Tao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.11.019

2006-01-01

Computer Science

Abstract:SQL injection, which is a popular and easy to carry out method of remote attacks, poses a major thread to application level security. In this paper, we introduce Pre-analysis of SQL syntax, a fire-new policy to detect and prevent SQL injection attacks. First, all SQL injection attacks are categorized into some classes and for each class a specified syntagma is abstracted and recorded. Then, the user input is picked up and embedded into prepared SQL sentences. Finally, these embedded SQL sentences are syntactically checked. Any find of underlying syntagma recorded as SQL injection tells a SQL injection attack. The implementation of new policy needs neither modification to Web program codes nor any patch to software of server platform. Experiments prove that new policy provides close to perfect detection rate and avoids the conflict between low false positive rate and low false negative rate.

Zhang Zhuo,Xue Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.09.060

2006-01-01

Abstract:Due to the defects of the PHP language itself and weak awareness of network security of application programmers,there exist various security issues which are usually used by SQL injection attackers.Regarding to applica-tion programming experiences,some methods of SQL injection attackers were discussed and the intents of attackers behind such threats were looked into.Countermeasures to deal with SQL injection attack were also provided accordingly.

Zhu Yun,Xue Zhi,Li Jianhua

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.11.038

2006-01-01

Abstract:With the popularity of open source software, more and more web servers prefer to choose LAMP mode, so their network security problems will be paid more attention to. This paper gives emphasis on describing and analyzing PHP injection leaks existed in LAMP mode based on LAMP, and presents defending measures about various injection leaks

ZHANG Heng-zhi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-2552.2011.11.015

2011-01-01

Abstract:Nowadays Web application is very familiar to everyone,everybody is taking advantage of it.Web shopping,gain information,browse website,Internet banking and so on.It’s obvious that modern life can’t live without Web applications.But with the convenience which Web applications brought us,the network security problems are increasing,too.SQL injection is one of the most critical loophole.Because of SQL injection attack method is easy to learn,and its success rate is pretty high,SQL injection becomes one of the major method for hackers to attack Web applications.This article shows how SQL injection attacks,and gives several ways to avoid these kinds of attacks though programming.

Xin Liu,Yuanyuan Huang,Tianyi Wang,Song Li,Weina Niu,Jun Shen,Qingguo Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1145/3698038.3698569

2024-01-01

Abstract:SQL injection is a significant and persistent threat to web services. Most existing protections against SQL injections rely on traffic-level anomaly detection, which often results in high false-positive rates and can be easily bypassed by attackers. This paper introduces SQLStateGuard, the world's first middleware-driven statement-level SQL injection defense approach, to address these issues. The SQLStateGuard uses a custom SQL middleware based on the idea of Runtime Application Self-Protection to capture raw SQL statements. These statements are then analyzed by SQLSG-Net, a database-oriented detection network based on gated linear units. If SQLSG-Net detects malicious SQL statements, the SQL middleware will block them. Experiments show that the detection accuracy of SQLStateGuard exceeds 99%, outperforming existing approaches, and it can identify the type of a specific SQL injection. Additionally, SQLStateGuard has no fingerprint and does not respond to SQL syntax errors, making it more challenging for attackers to gather information. This paper also presents a novel dataset generation process for SQLStateGuard and shares two statement-level SQL injection datasets with the research community, including over 145,000 malicious SQL statements categorized by the type of SQL injection.

Huilin ZHANG,Guancheng LI,Yu DING,Lei DUAN,Xinhui HAN,Jianguo XIAO

DOI: https://doi.org/10.13209/j.0479-8023.2017.172

2018-01-01

Abstract:The authors propose a practical and accurate cross site script prevention method based on delimiters for UTF-8 encoded web applications. Only trusted delimiters are tainted into corresponding UTF-8 shadow bytes, and these tainted shadow bytes are automatically propagated in web applications and can be directly delivered into output pages. Cross site script is prevented by analyzing the tainted delimiters and HTML context of output pages. A prototype called XSSCleaner is implemented on PHP. The evaluation shows that XSSCleaner can accurately protect web applications from real world cross site script attacks with an average overhead 12.9%.

Cao Tian-jie

2009-01-01

Abstract:SQL Injection is a Familiar loophole of Web System,using this loophole,the attacker could directly access the database and could led to great hidden troubles.In this paper, the def inition,principle and injection technology were expounded,we advanced prevention measures from different point of views, and the users could establish their own policies, so the security of the system is improved.

Ye Du,Jiqiang Liu,Jieyuan Li,Cheng Li

DOI: https://doi.org/10.1115/1.802977.paper187

2009-01-01

Abstract:Based on the analysis of several kinds of methods generally used to intercept network packets in different layers, a NDIS intermediate driver-based defense mechanism for SQL injection attack is proposed, and the structure is designed. The system is composed of NDIS-based data package capture module, SQL injection attack detection module and rules base. Characteristics of every entity are discussed in detail. Finally, experiments results show that the system can detect SQL injection attacks and intercept malicious packets effectively.

Bernhard Garn,Jovan Zivanovic,Manuel Leithner,Dimitris E. Simos

DOI: https://doi.org/10.1002/stvr.1826

2022-07-04

Software Testing Verification and Reliability

Abstract:This work presents a gray‐box combinatorial security testing methodology for detecting SQL injection vulnerabilities in web applications. New attack grammars modelling SQL injections are proposed. This combinatorial security testing approach performs equally well or better when compared to existing state‐of‐the‐art SQL injection security testing tools. Summary This work presents an extended and enhanced gray‐box combinatorial security testing methodology for SQL injection vulnerabilities in web applications. We propose multiple new attack grammars modelling SQLi attacks against MySQL‐compatible databases, each one targeting a different injection context. Additionally, these grammars are also dynamically refined at the beginning of each attack against an endpoint of a web application, as a further optimization of the used attack model by taking into account the specifics of the generated query of that endpoint. Our goal is to enhance existing combinatorial approaches for detecting SQL injection vulnerabilities. The newly developed methodology is implemented in a prototype security testing tool called SQLInjector+, which is an extension of an earlier prototype developed by us in prior work. This improved tool can attack (i.e. test) any web application that uses a MySQL‐compatible database management system. We evaluate our revised approach and improved prototype tool in a case study comprising of different kinds of web applications to which SQLi is a potential security threat. The case study contains the well‐known verification framework WAVSEP among other five real‐world web applications and one web application firewall. Our generated attack vectors, constructed via combinatorial methods applied to our improved and dynamically optimized attack grammars, are capable of injecting every known vulnerable endpoint in WAVSEP and also of finding new vulnerable parameters in some of the real‐world applications investigated in this paper. Our approach performs equally well or better when compared with existing state‐of‐art of SQL injection security testing tools (sqlmap, w3af, wapiti and fuzzdb) across all tested web applications in the case study.

computer science, software engineering

SUN Yi,HU Yu-ji,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2010.09.088

2010-01-01

Abstract:SQL injection attacks pose a serious threat to the security of Web applications because they can give attackers unrestricted access to databases that contain sensitive information. This paper proposed a new method based on sequence alignment for protecting existing Web applications against SQL injection. Elaborated implementation and detection pattern with sequence alignment algorithm in detail. Finally analyzed and tested the correctness and performance of the method. Experimental results show that this method is simple and effective.

Xu Xiaotian,Si Guanlin,Li Min,Gao Ranxin,Chen-Jung Wei

DOI: https://doi.org/10.1109/ITAIC54216.2022.9836786

2022-06-17

Abstract:In view of the risk of SQL injection attack faced by the Web system, this paper proposes a SQL injection attack detection mechanism based on triangle module operator. The method uses the analysis results of web logs and user input as fusion operators to judge whether an attack occurs. At the same time, for the defense against SQL injection attack, this paper believes that the source code vulnerability testing, penetration testing and security configuration verification should be conducted before the Web system goes online, therefore it can improve the security of the information system.

Computer Science

Haibin Hu

DOI: https://doi.org/10.1063/1.4982570

2017-01-01

AIP Conference Proceedings

Abstract:Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Jiao Ma,Kun Chai,Yao Xiao,Tian Lan,Wei Huang

DOI: https://doi.org/10.1109/icm.2011.287

2011-09-01

Abstract:In order to solve the problems that IDSs and firewalls cannot efficiently detect new SQL injection and too much time is wasted when the security personnel reads log files to analyze attacks, we proposed and implemented a high-interaction web honeypot system for SQL injection analysis. By (i)modifying PHP extension for MySQL to intercept database requests and (ii)adopting exception based and signature based detection techniques, the system can generate the corresponding attack graphs to solve problems above. For illustration, SQL injection attack examples are utilized to show the performance of the honeypot system. The results show that the honeypot system can intercept all database requests and increase the efficiency of SQL injection analysis with the attack graphs. This system provides an efficient and timely detection on the new SQL injection and helps security personnel quickly analyzing the new SQL injection with the attack graph.

Bing Zhang,Rong Ren,Jia Liu,Mingcai Jiang,Jiadong Ren,Jingyue Li

DOI: https://doi.org/10.1109/tse.2024.3400404

IF: 7.4

2024-07-19

IEEE Transactions on Software Engineering

Abstract:Due to well-hidden and stage-triggered properties of second-order SQL injections in web applications, current approaches are ineffective in addressing them and still report high false negatives and false positives. To reduce false results, we propose a Proxy-based static analysis and dynamic execution mechanism towards detecting, locating and preventing second-order SQL injections (SQLPsdem). The static analysis first locates SQL statements in web applications and identifies all data sources and injection points (e.g., Post, Sessions, Database, File names) that injection attacks can exploit. After that, we reconstruct the SQL statements and use attack engines to jointly generate attacks to cover all the state-of-the-art attack patterns so as to exploit these applications. We then use proxy-based dynamic execution to capture the data transmitted between web applications and their databases. The data are the reconstructed SQL statements with variable values from the attack payloads. If a web application is vulnerable, the data will contain malicious attacks on the database. We match the data with rules formulated by attack patterns to detect first and second-order SQL injection vulnerabilities in web applications, particularly the second-order ones. We use a representative and complete coverage of attack patterns and precise matching rules to reduce false results. By escaping and truncating malicious payloads in the data transmitted from the web application to the database, we can eliminate the possible negative impact of the data on the database. In the evaluation, by generating 52,771 SQL injection attacks using four attack generators, SQLPsdem successfully detects 26 second-order (including 13 newly discovered ones) and 375 first-order SQL injection vulnerabilities in 12 open-source web applications. SQLPsdem can also 100% eliminate the malicious impact of the data with negligible overhead.

engineering, electrical & electronic,computer science, software engineering

Ye Yuan,Yuliang Lu,Kailong Zhu,Hui Huang,Yuanchao Chen,Yifan Zhang

DOI: https://doi.org/10.3390/electronics13152946

IF: 2.9

2024-07-27

Electronics

Abstract:Fuzz testing technology is an important approach to detecting SQL injection vulnerabilities. Among them, coverage-guided gray-box fuzz testing technology is the current research focus, and has been proved to be an effective method. However, for SQL injection vulnerability, coverage-guided gray-box fuzz testing as a detection method has the problems of low efficiency and high false positives. In order to solve the above problems, we propose a potentially vulnerable code-guided gray-box fuzz testing technology. Firstly, taint analysis technology is used to locate all the taint propagation paths containing potential vulnerabilities as potentially vulnerable codes. Then, the source code of the application program is instrumented according to the location of the potentially vulnerable code. Finally, the feedback of seeds during the run is used to guide seed selection and seed mutation, and a large number of test cases are generated. Based on the above techniques, we implement the sqlFuzz prototype system, and use this system to analyze eight modern PHP applications. The experimental results show that sqlFuzz can not only detect more SQL injection vulnerabilities than the existing coverage-guided gray box fuzz testing technology, but also significantly improve the efficiency, in terms of time efficiency increased by 80 percent.

engineering, electrical & electronic,physics, applied,computer science, information systems

Zhenqing Qu,Xiang Ling,Ting Wang,Xiang Chen,Shouling Ji,Chunming Wu

DOI: https://doi.org/10.1109/tifs.2024.3350911

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:As the first defensive layer that attacks would hit, the web application firewall (WAF) plays an indispensable role in defending against malicious web attacks like SQL injection (SQLi). With the development of cloud computing, WAF-as-a-service, as one kind of Security-as-a-service, has been proposed to facilitate the deployment, configuration, and update of WAFs in the cloud. Despite its tremendous popularity, the security vulnerabilities of WAF-as-a-service are still largely unknown, which is highly concerning given its massive usage. In this paper, we propose a general and extendable attack framework, namely AdvSQLi, in which a minimal series of transformations are performed on the hierarchical tree representation of the original SQLi payload, such that the generated SQLi payloads can not only bypass WAF-as-a-service under black-box settings but also keep the same functionality and maliciousness as the original payload. With AdvSQLi, we make it feasible to inspect and understand the security vulnerabilities of WAFs automatically, helping vendors make products more secure. To evaluate the attack effectiveness and efficiency of AdvSQLi, we first employ two public datasets to generate adversarial SQLi payloads, leading to a maximum attack success rate of 100% against state-of-the-art ML-based SQLi detectors. Furthermore, to demonstrate the immediate security threats caused by AdvSQLi, we evaluate the attack effectiveness against 7 WAF-as-a-service solutions from mainstream vendors and find all of them are vulnerable to AdvSQLi. For instance, AdvSQLi achieves an attack success rate of over 79% against the F5 WAF. Through in-depth analysis of the evaluation results, we further condense out several general yet severe flaws of these vendors that cannot be easily patched.

computer science, theory & methods,engineering, electrical & electronic