Full metadata record
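| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | 盧芊慧 | en_US |
| dc.contributor.author | Lu, Chian-Huey | en_US |
| dc.contributor.author | 黃世昆 | en_US |
| dc.contributor.author | Huang, Shih-Kun | en_US |
| dc.date.accessioned | 2014-12-12T02:40:12Z | - |
| dc.date.available | 2014-12-12T02:40:12Z | - |
| dc.date.issued | 2013 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#GT070156019 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/74287 | - |
| dc.description.abstract | The Internet has become an indispensable communication medium in daily life, and people access and browse all kinds of information through web applications. However, oversights by developers introduce vulnerabilities that can affect security, and hackers can use these vulnerabilities to gain privileges and illegally access or destroy data. The method we propose is a SQL injection attack system that works across web language platforms. It has been integrated into our earlier CRAXweb web attack platform and can automatically generate exploit data for a target web application, achieving the effect of a penetration test. The system is built on the S2E symbolic execution environment: it first obtains the page URLs of the target web application with a web crawler, then inserts symbolic variables into HTTP requests and sends them to a server on which a symbolic data sensor is deployed. During symbolic execution we use single-path concolic execution to obtain the path constraints, which improves performance, and use them to generate the exploit. We have tested open-source web applications written in several web languages, including PHP, Perl, C/C++ and Python, and the system successfully produced the corresponding attack strings or detected the vulnerabilities. | zh_TW |
| dc.description.abstract | The Internet has been an important communication medium in our daily life. Most of us access information and save our personal private data in databases through web applications. However, due to web programmers' ignorance of secure programming practice, hackers may be able to access or destroy data through potential web vulnerabilities. We developed a web-platform-independent SQL injection attack generation method to improve our former web attack framework, CRAXweb. The system is able to generate an exploit for the target web application automatically and acts as a penetration test. CRAXweb is based on S2E, a symbolic execution platform. We accumulate the URLs of the target web application through a web crawler and send HTTP requests with symbolic variables to the symbolic sensor embedded in the server. To improve the efficiency of symbolic execution, we adopt the single-path concolic execution mode to collect path constraints and generate the exploit. We have applied this method to several known vulnerabilities in open source web applications. The results reveal that CRAXweb is a practical exploit generation tool supporting different web platforms, including PHP, C/C++, Perl, and Python. | en_US |
| dc.language.iso | zh_TW | en_US |
| dc.subject | web security | zh_TW |
| dc.subject | symbolic execution | zh_TW |
| dc.subject | automated exploit generation | zh_TW |
| dc.subject | web security | en_US |
| dc.subject | symbolic execution | en_US |
| dc.subject | automatic exploit generation | en_US |
| dc.title | A SQL Injection Attack Generation System Across Web Language Platforms | zh_TW |
| dc.title | Web Platform Independent SQL injection Attack Generation | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Computer Science and Engineering | zh_TW |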
Appears in Collections: Thesis