National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Author: 廖信諭 (Liao, Shin-Yu)
Title: SQL資料隱碼攻擊工具分析 (Analysis of SQL Injection Tools)
Advisor: 黃俊穎 (Huang, Chun-Ying)
Oral defense committee: 黃世昆 (Huang, Shih-Kun); 吳育松 (Wu, Yu-Sung)
Oral defense date: 2021-12-14
Degree: Master's
Institution: 國立陽明交通大學 (National Yang Ming Chiao Tung University)
Department: 資訊學院國防資安管理碩士在職專班 (College of Computer Science, In-service Master's Program in Defense Information Security Management)
Thesis type: Academic thesis
Year of publication: 2021
Academic year of graduation: 110
Language: Chinese
Pages: 46
Keywords (Chinese): 資料偷竊攻擊; 測量研究; SQL資料隱碼攻擊; 網頁安全
Keywords (English): Data stealth attack; Measurement study; SQL injection; Web security
Usage statistics: cited 0 times; 347 views; 0 downloads; bookmarked 0 times
Abstract (Chinese original, translated):

The Web has become an indispensable medium in everyone's daily life. People frequently browse or access the information they need through web applications. In this process, however, negligence by web developers or flaws in the design can create security vulnerabilities that allow attackers to obtain privileges, steal data, or destroy it. SQL injection is a common network attack technique that does non-negligible harm to web applications. Although automated attack tools have been designed specifically for this kind of attack, the literature rarely discusses automated SQL injection tools in depth.

In this thesis we design and implement a method for measuring the performance of automated SQL injection tools. The penetration-testing web applications (bWAPP and DVWA) are set up on the KALI operating system; we collect, analyze and compare the attack payloads of Sqlmap, Jsql, Sqlsus and Havij, select test pages configured at different security levels to evaluate the tools effectively, and then discuss each tool's strengths and weaknesses. Our contribution has three parts. First, we design and implement a generic method for conducting measurement studies of SQL injection tools. Second, we identify the problem points that can cause an attack to fail and propose corresponding solutions. Finally, based on the experimental results, we give an in-depth and comprehensive discussion of each tool's performance, effectiveness and usability.
Abstract (English, as given by the author):

The Web has become an indispensable medium in everyone's life nowadays. People often browse or access required information through web applications. However, in this process, web developers' negligence or flaws in design may likely cause security vulnerabilities, enabling attackers to obtain permissions through vulnerabilities to steal data or destroy them. SQL injection is a prevalent network attack method that has caused unpredictable damage to web applications. Although automated attack tools are designed specifically for this attack, few are discussed in depth in the literature.

In this thesis, we design and implement approaches to measure the performance and discuss the pros and cons of automated SQL injection tools. Our approach is based on the KALI operating system and established penetration testing web pages (bWAPP and DVWA). We evaluate the Sqlmap, Jsql, Sqlsus, and Havij tools by collecting, analyzing, and comparing their attack payloads against selected testing web pages configured at different security levels. Our contribution is three-fold. First, we design and implement a generic approach to perform measurement studies against SQL injection tools. Second, we identify obstacles that could lead to injection failures and propose solutions to overcome the obstacles for the selected tools. Finally, we give in-depth and comprehensive discussions on the performance, effectiveness, and usability based on the measurement results.
Table of contents:

Chapter 1 Introduction
1.1 Research background and motivation
1.2 Research objectives
1.3 Research scope
1.4 Research framework and process
Chapter 2 Literature review
2.1 Information security issues
2.2 Causes of SQL injection attacks
2.3 Classification of SQL injection attack techniques
Chapter 3 Research implementation
3.1 Overall experimental architecture
3.2 Target site A: bWAPP
3.3 Target site B: DVWA
3.4 Introduction to the SQL Injection tools
3.5 Payload collection method
3.6 Criteria for judging tool performance
3.7 Minimum parameter settings each tool requires for a successful attack
Chapter 4 Research results
4.1 Experimental results
4.2 Analysis of tool strengths and weaknesses
Chapter 5 Discussion
5.1 Injection against bWAPP cannot succeed when the encoding is utf8 combined with addslash()
5.2 Problems when using the tools to inject against DVWA URLs
5.3 Sqlsus cannot inject successfully against Boolean-Blind on target site bWAPP
5.4 Achieving the attack on DVWA High Level using Sqlmap
5.5 A small utility for detecting URL injection points and the back-end database management system
Chapter 6 Conclusions and future work
6.1 Conclusions
6.2 Future work
References