As the Internet has spread, web applications have flourished along with it, and people have grown accustomed to these web services; as a result, more and more personal private data is placed online. In the Open Web Application Security Project (OWASP) 2013 report, Injection ranks first among the top 10 threats. Injection threats include SQL Injection, OS Injection and LDAP Injection, of which SQL Injection is the most common. The databases behind today's websites keep growing, and they often hold members' personal information; when a website has a vulnerability that lets a malicious user dump the database contents, a large amount of personal information leaks out, which has a considerable impact on the individuals concerned.

This research targets the SQL Injection problem and, adopting the intruder's point of view, implements the system presented here to detect whether a website is exposed to SQL Injection threats. The system has two main functions: static scanning and dynamic scanning. By adjusting the crawling schedule of the web crawler, the system can quickly filter out the links on a website that are vulnerable to SQL Injection. A comparison of precision and performance against other website scanning tools on the market shows that it does outperform them.

This research can correctly detect whether a website contains SQL Injection vulnerabilities, and thus provides sound recommendations for website security testing, allowing website developers to learn through this system which parts of their website are vulnerable.
More and more public web sites contain personal private data and usually store it in an associated database. Web site security becomes more important day by day, because once a web site has been compromised, a large amount of private data can leak out, threatening personal privacy. According to the Open Web Application Security Project (OWASP) 2013 research, injection ranks first among the top 10 threats. Injections include SQL injection, OS injection and LDAP injection, of which SQL injection is the most threatening. This research proposes a penetration testing system aimed at effective and fast detection of SQL injection threats on websites. The system has two options: static scanning and dynamic scanning, whose initial target Uniform Resource Locators (URLs) are given by manual setting or by popular search engines, respectively. The proposed scheduler adjusts the priority of target URLs according to a degree of suspicion derived from their similarity to URLs of well-known leaks, and thereby accelerates the whole SQL penetration process. Experiments show that both the precision and the speed of the proposed system are better than those of Paros, a free web penetration testing tool. Website developers and administrators can quickly and effectively find potential information leaks with this system.