通信学报
• 学术论文 • 上一篇 下一篇
乐德广,李 鑫,龚声蓉,郑力新
出版日期:
发布日期:
基金资助:
Online:
Published:
摘要: 面对新的Web技术环境,提出了3种新型二阶SQL注入技术:二阶SQL盲注、二阶SQL注入攻击操作系统和客户端二阶SQL注入。实验测试证明所提出的3种新型二阶SQL注入广泛存在于Web应用中,并且3种新型二阶注入技术可以实现对服务器和客户端的有效攻击。
关键词: SQL;二阶SQL注入;盲注;攻击载荷
Abstract: With the environment of new Web technologies, three kinds of second-order SQL injection techniques were proposed: blind second-order SQL injection, second-order SQL injection attacks the operating system and client second-order SQL injection. Experiments show that second-order SQL injection vulnerabilities exist widely in Web applications, and the proposed new second-order injection techniques can effectively commit attacks both server and client.
Key words: SQL; second order SQL injection; blind injection; attack payload
乐德广,李 鑫,龚声蓉,郑力新. 新型二阶SQL注入技术研究[J]. 通信学报, doi: 10.11959/j.issn.1000-436x.2015285.
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.infocomm-journal.com/txxb/CN/10.11959/j.issn.1000-436x.2015285
https://www.infocomm-journal.com/txxb/CN/Y2015/V36/IZ1/85