计算机科学 ›› 2012, Vol. 39 ›› Issue (Z11): 415-417.
• 图形图像 • 上一篇 下一篇
冯谷,高鹏
出版日期:
发布日期:
Online:
Published:
摘要: SQL注入技术主要是通过提交非正常SQI查询语句,绕过数据库权限限制,查询出网站用户信息,包括网站后台管理员、网站用户资料等。利用SQL注入,可以获取网站管理员权限,对网站造成非常严重的影响。新型SQL注入技术与传统SQL注入技术相比,虽然两者原理是相通的,但前者加入了很多最新应用的攻击技术,注入手段也有差异。分析了SQL注入的成因,并结合SQL注入防火墙的源代码,详细地分析了3种新型SQL注入技术。
关键词: 新型SQL注入,SQL注入防火墙,SQL注入成因
Abstract: SQL injection technictue is mainly through the submission of abnormal SQL query, bypassing the database access restrictions, check out the website user information, including the web site administrator, user data. The permission of the webmaster of the site can be obtained by using SQL injection, so it cause a very serious impact The novel SQL injection technology and traditional SQL injection technology, although both the principle is the same, but the former joined the attack techniques of many of the latest applications, injection means arc different This paper analyzes the eauses of SQL injection,and the combined SQL injection firewall source code,a detailed analysis of three novel SQL injection technology.
Key words: Novel SQL injection,Injection of SQL firewall,SQL injection causes
冯谷,高鹏. 新型sQL注入技术研究与分析[J]. 计算机科学, 2012, 39(Z11): 415-417. https://doi.org/
0 / / 推荐
导出引用管理器 EndNote|Reference Manager|ProCite|BibTeX|RefWorks
链接本文: https://www.jsjkx.com/CN/
https://www.jsjkx.com/CN/Y2012/V39/IZ11/415
Cited
首页