A Static Detection Method for SQL Injection Vulnerability Based on Program Transformation

Yuan, Ye; Lu, Yuliang; Zhu, Kailong; Huang, Hui; Yu, Lu; Zhao, Jiazhen

doi:10.3390/app132111763

Applied Sciences

2023

DOI: 10.3390/app132111763

|View full text |Cite

A Static Detection Method for SQL Injection Vulnerability Based on Program Transformation

Ye Yuan,

Yuliang Lu,

Kailong Zhu

et al.

Abstract: Static analysis is popular for detecting SQL injection vulnerabilities. However, due to the lack of accurate modeling of object-oriented database extensions, current methods fail to accurately detect SQL injection vulnerabilities in applications that use object-oriented database extensions. We propose a program transformation-based SQL injection vulnerability detection method to address this issue. This method consists of two stages: program transformation and vulnerability detection. In the first stage, objec… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection

Gui,

Wang,

Deng

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

SQL injection (SQLI) black-box detection, which simulates external attack scenarios, is crucial for assessing vulnerabilities in real-world web applications. However, existing black-box detection methods rely on predefined rules to cover the most common SQLI cases, lacking diversity in vulnerability detection scheduling and payload, suffering from limited efficiency and accuracy. Large Language Models (LLMs) have shown significant advancements in several domains, so we developed SqliGPT, an LLM-powered SQLI black-box scanner that leverages the advanced contextual understanding and reasoning abilities of LLMs. Our approach introduces the Strategy Selection Module to improve detection efficiency and the Defense Bypass Module to address insufficient defense mechanisms. We evaluated SqliGPT against six state-of-the-art scanners using our SqliMicroBenchmark. Our evaluation results indicate that SqliGPT successfully detected all 45 targets, outperforming other scanners, particularly on targets with insufficient defenses. Additionally, SqliGPT demonstrated excellent efficiency in executing detection tasks, slightly underperforming Arachni and SQIRL on 27 targets but besting them on the other 18 targets. This study highlights the potential of LLMs in SQLI black-box detection and demonstrates the feasibility and effectiveness of LLMs in enhancing detection efficiency and accuracy.

show abstract

SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection

Gui,

Wang,

Deng

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

sqlFuzz: Directed Fuzzing for SQL Injection Vulnerability

Yuan,

Lu,

Zhu

et al. 2024

Electronics

View full text Add to dashboard Cite

Fuzz testing technology is an important approach to detecting SQL injection vulnerabilities. Among them, coverage-guided gray-box fuzz testing technology is the current research focus, and has been proved to be an effective method. However, for SQL injection vulnerability, coverage-guided gray-box fuzz testing as a detection method has the problems of low efficiency and high false positives. In order to solve the above problems, we propose a potentially vulnerable code-guided gray-box fuzz testing technology. Firstly, taint analysis technology is used to locate all the taint propagation paths containing potential vulnerabilities as potentially vulnerable codes. Then, the source code of the application program is instrumented according to the location of the potentially vulnerable code. Finally, the feedback of seeds during the run is used to guide seed selection and seed mutation, and a large number of test cases are generated. Based on the above techniques, we implement the sqlFuzz prototype system, and use this system to analyze eight modern PHP applications. The experimental results show that sqlFuzz can not only detect more SQL injection vulnerabilities than the existing coverage-guided gray box fuzz testing technology, but also significantly improve the efficiency, in terms of time efficiency increased by 80 percent.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

A Static Detection Method for SQL Injection Vulnerability Based on Program Transformation

Cited by 2 publications

References 28 publications

SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection

SqliGPT: Evaluating and Utilizing Large Language Models for Automated SQL Injection Black-Box Detection

sqlFuzz: Directed Fuzzing for SQL Injection Vulnerability

Contact Info

Product

Resources

About