《网络攻击与防御》专题研究实验报告

XXXXXXXXXXXXXXXXXXXXXX学学院院网网络络工工程程系系《《网网络络攻攻击击与与防防御御》》报报告告————SSQQLL注注入入攻攻击击技技术术专专题题研研究究学学生生：：XXXXXXXXXXXXXXXXXXXXXX班班级级：：XXXXXXXXXXXXXXXXXXXXXX撰撰写写时时间间：：XXXXXXXXXXXXXXXXXXXX摘要由于现今信息技术发展迅速，网络安全越来越成为虚拟网络中不可或缺的一部分。然而，因为各种Web服务器的漏洞与程序的非严密性，导致针对服务器的脚本攻击时间日益增多，其大多数是通过ASP或者PHP等脚本主图作为主要攻击手段，加之Web站点迅速膨胀的今天，基于两者的SQL注入也慢慢成为目前攻击的主流方式。其应用方式主要集在利用服务端口接收用户输入的功能，将构造的语句传给数据库服务器，让其执行者开发者规定外的任务。目前至少70%以上的Web站点存在着SQL注入的缺陷，恶意用户便可以利用服务器、数据库配置的疏漏和精心构造的非法语句通过程序或脚本侵入服务器获得网站管理员的权限和数据库的相关内容，严重的还可以获得整个服务器所在内网的系统信息，它们的存在不仅对数据库信息造成威胁，甚至还可以威胁到系统和用户本身。本文针对SQL注入技术进行专题研究，进行工具注入和手动注入两种途径的实验分析。全文共分为五个章节：第一章为全文引言部分，简单介绍本次专题研究背景、来源以及研究意义；第二章阐述SQL注入技术的背景与网络环境；第三章详细介绍本次专题研究SQL注入攻击的实验过程和结果分析；第四章进行本次专题研究的总结及实验心得。关键词：SQL，注入，权限，网络攻击AbstractDuetotherapiddevelopmentofinformationtechnologytoday,networksecuritybecomeanintegralpartofthevirtualnetwork.However,becauseofvariousWebserverandprocedureoftheloopholesforserverrigorleadstoincreasingthescriptagainsttime,itsmostisthroughtheASPorPHPetcfeetasthemainattackmeansownerisgraph,togetherwiththerapidexpansionofWebpillowmat,basedonbothtodaySQLinjectionalsoslowlybecomethemainstreamway.AttackItsapplicationinthemainmeanssetbyserviceportsreceiveuserinputfunction,willconstructsentencestodatabaseserver,makeitsexecutivesdevelopersspecifiedtasks.Atleastmorethan70percentoftheWebsiteexistdefectsofSQLinjection,malicioususerscanuseserver,databaseconfigurationthedefectsandelaboratestructureofillegalstatementsprogramsorscriptsinvadesserverbywebsiteadministratorpermissionsandobtainedthedatabase,seriousstillrelevantcontentcanbeobtainedinthewholeserverconnectionsysteminformation,theyexisttothreatennotonlydatabaseinformation,andeventhreatensystemsandusersitself.ThispaperresearchprojectsinSQLinjectiontechnology,toolsandmanuallyinjectionintotheexperimentalanalysisoftwokindsofways.Fulltextisdividedintofivesections:thefirstchapterforfulltextintroductionsection,andbrieflyintroducesthekeynoteresearchbackground,sourcesandresearchsignificance;ThesecondchapterSQLinjectiontechnologybackgroundpaperwithnetworkenvironment;ThethirdchapterofthisprojectareintroducedindetailSQLinjectionattackexperimentalprocessandresultanalysis;Thefourthchapterofthisprojectsummaryandexperimentalresult.Keywords:SQL,infuse,privileges,cyberattacks目录Abstract...........................................................................................................................................................2第一章引言...................................................................................................................................................51.1专题背景..........................................................................................................................................51.1.1网络安全的根源...................................................................................................................51.1.2网络信息安全的定义...........................................................................................................61.1.3网络信息安全的现状...........................................................................................................61.2专题来源于研究意义......................................................................................................................7第二章SQL注入的背景与网络环境...........................................................................................................82.1SQL注入攻击网络背景...................................................................................................................82.1.1攻击平台Web网络架构......................................................................................................82.1.2SQL数据库语言....................................................................................................................92.2SQL注入技术定义.........................................................................................................................102.3SQL注入技术特点.........................................................................................................................112.4SQL注入技术原理.........................................................................................................................112.4.1SQL注入攻击实现原理......................................................................................................112.4.2SQL注入攻击实现过程......................................................................................................12第三章SQL注入攻击实例分析.................................................................................................................133.1工具注入攻击................................................................................................................................133.1.1注入工具简介.....................................................................................................................133.1.2SQL注入Access数据库实现过程.....................................................................................143.1.3SQL注入MYSQL数据库实现过程..................................................................................173.2手动注入攻击................................