Abstract
This paper introduces the principles of SQL injection and the associated attack and prevention techniques, and demonstrates the full process and details of an SQL injection attack and its prevention through a concrete experimental scheme. A website containing an SQL injection vulnerability is built and attacked, the effects of the attack are observed, and the vulnerability is then repaired. The repaired system is attacked again, and the behavior before and after the fix is compared. From this comparison the paper derives the principle and causes of SQL injection vulnerabilities, the principle of the corresponding attacks, and how to prevent the vulnerabilities, so as to deepen the understanding of SQL injection.
Authors
王德高
徐王楚
王立明
刘向东
WANG De-gao; XU Wang-chu; WANG Li-ming; LIU Xiang-dong (School of Computer Science and Engineering, Dalian Minzu University, Dalian, Liaoning 116650, China)
Source
《大连民族大学学报》
2019, Issue 5, pp. 441-444 (4 pages)
Journal of Dalian Minzu University
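Funding
Liaoning Province Undergraduate Education and Teaching Reform Project (2015-667)
Liaoning Province Pilot Program for Application-Oriented Transformation and Development of Majors (2016-70)
Dalian Minzu University Education and Teaching Reform Project (ZB201902, ZD201910)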