{"id":564,"date":"2017-03-06T16:50:27","date_gmt":"2017-03-06T16:50:27","guid":{"rendered":"http:\/\/1728efbda81692282ba642aafd57be3a"},"modified":"2017-09-21T15:48:23","modified_gmt":"2017-09-21T07:48:23","slug":"sql-injection-scans","status":"publish","type":"post","link":"https:\/\/www.xiaobo.li\/notes\/archives\/564","title":{"rendered":"sql injection scans"},"content":{"rendered":"<div class=\"content\">\n<p> <strong>Tools for testing SQL injection: choose by detection accuracy or by input-vector coverage?<\/strong> <\/p>\n<p>\nTo answer this question, we use the benchmark results published by sectoolmarket.com, and we first assume that a candidate scanner's detection accuracy and input-vector coverage are equally important. We treat GET, POST, HTTP Cookie and HTTP Headers as the input vectors that should be supported. When all of these parameters are supported, the scanner's coverage ratio is 100% (4\/4). <\/p>\n<p> We suggest using the following arithmetic formula, that is, taking the average of the two scores for each vulnerability scanner. <\/p>\n<p> Then, from the resulting detection-accuracy percentages, we list the top 14 scanners: <\/p>\n<div>\n<table border=\"1\" cellpadding=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td> Rank <\/td>\n<td> Vulnerability Scanner <\/td>\n<td> Vendor <\/td>\n<td> Detection Rate <\/td>\n<td> Input Vector Coverage <\/td>\n<td> Average Score <\/td>\n<\/tr>\n<tr>\n<td> 1 <\/td>\n<td> 
Arachni <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/56.html\" rel=\"nofollow\">Tasos Laskos<\/a> <\/td>\n<td> 100.00% <\/td>\n<td> 100% <\/td>\n<td> 100.00% <\/td>\n<\/tr>\n<tr>\n<td> 2 <\/td>\n<td> Sqlmap <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/37.html\" rel=\"nofollow\">sqlmap developers<\/a> <\/td>\n<td> 97.06% <\/td>\n<td> 100% <\/td>\n<td> 98.53% <\/td>\n<\/tr>\n<tr>\n<td> 3 <\/td>\n<td> IBM AppScan <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/66.html\" rel=\"nofollow\">IBM Security Sys Division<\/a> <\/td>\n<td> 93.38% <\/td>\n<td> 100% <\/td>\n<td> 96.69% <\/td>\n<\/tr>\n<tr>\n<td> 4 <\/td>\n<td> Acunetix WVS <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/13.html\" rel=\"nofollow\">Acunetix<\/a> <\/td>\n<td> 89.71% <\/td>\n<td> 100% <\/td>\n<td> 94.85% <\/td>\n<\/tr>\n<tr>\n<td> 5 <\/td>\n<td> NTOSpider <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/61.html\" rel=\"nofollow\">NT OBJECTives<\/a> <\/td>\n<td> 85.29% <\/td>\n<td> 100% <\/td>\n<td> 92.64% <\/td>\n<\/tr>\n<tr>\n<td> 6 <\/td>\n<td> Nessus <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/65.html\" rel=\"nofollow\">Tenable Network Security<\/a> <\/td>\n<td> 82.35% <\/td>\n<td> 100% <\/td>\n<td> 91.17% <\/td>\n<\/tr>\n<tr>\n<td> 7 <\/td>\n<td> WebInspect <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/23.html\" rel=\"nofollow\">HP Apps Security Center<\/a> <\/td>\n<td> 75.74% <\/td>\n<td> 100% <\/td>\n<td> 87.87% <\/td>\n<\/tr>\n<tr>\n<td> 8 <\/td>\n<td> Burp Suite Pro <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/59.html\" rel=\"nofollow\">PortSwigger<\/a> <\/td>\n<td> 72.06% <\/td>\n<td> 100% <\/td>\n<td> 86.03% <\/td>\n<\/tr>\n<tr>\n<td> 9 <\/td>\n<td> Cenzic Pro <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/60.html\" rel=\"nofollow\">Cenzic<\/a> <\/td>\n<td> 63.24% <\/td>\n<td> 100% <\/td>\n<td> 81.62% <\/td>\n<\/tr>\n<tr>\n<td> 10 
<\/td>\n<td> SkipFish <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/7.html\" rel=\"nofollow\">Michal Zalewski \u2013 Google<\/a> <\/td>\n<td> 50.74% <\/td>\n<td> 100% <\/td>\n<td> 75.37% <\/td>\n<\/tr>\n<tr>\n<td> 11 <\/td>\n<td> Wapiti <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/6.html\" rel=\"nofollow\">OWASP<\/a> <\/td>\n<td> 100.00% <\/td>\n<td> 50% <\/td>\n<td> 75.00% <\/td>\n<\/tr>\n<tr>\n<td> 12 <\/td>\n<td> Netsparker <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/12.html\" rel=\"nofollow\">Mavituna Security<\/a> <\/td>\n<td> 98.00% <\/td>\n<td> 50% <\/td>\n<td> 74.00% <\/td>\n<\/tr>\n<tr>\n<td> 13 <\/td>\n<td> Paros Pro <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/2.html\" rel=\"nofollow\">MileSCAN Technologies<\/a> <\/td>\n<td> 93.38% <\/td>\n<td> 50% <\/td>\n<td> 71.69% <\/td>\n<\/tr>\n<tr>\n<td> 14 <\/td>\n<td> ZAP <\/td>\n<td> <a href=\"http:\/\/www.sectoolmarket.com\/vendors\/51.html\" rel=\"nofollow\">OWASP<\/a> <\/td>\n<td> 77.21% <\/td>\n<td> 50% <\/td>\n<td> 63.60% <\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p> From the average of each scanner's vulnerability-detection accuracy and input-vector coverage, we can draw the following chart. <\/p>\n<p>\n<a target=\"_blank\" href=\"\/notes\/content\/uploadfile\/201703\/44ad1488790275.png\" id=\"ematt:519\"><img decoding=\"async\" src=\"\/notes\/content\/uploadfile\/201703\/44ad1488790275.png\" alt=\"Click to view the full-size image\" border=\"0\" \/><\/a><\/p>\n<p>\nSource of the table below: <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/ms161953%28SQL.105%29.aspx\" target=\"_blank\">https:\/\/msdn.microsoft.com\/en-us\/library\/ms161953%28SQL.105%29.aspx<\/a><\/p>\n<p>When you can, reject input that contains the following characters.<\/p>\n<table summary=\"table\" border=\"1\">\n<tbody>\n<tr>\n<th 
scope=\"col\">\n<p>Input character<\/p>\n<\/th>\n<th scope=\"col\">\n<p>Meaning in Transact-SQL<\/p>\n<\/th>\n<\/tr>\n<tr>\n<td data-th=\"Input character\">\n<p>;<\/p>\n<\/td>\n<td data-th=\"Meaning in Transact-SQL\">\n<p>Query delimiter.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td data-th=\"Input character\">\n<p>'<\/p>\n<\/td>\n<td data-th=\"Meaning in Transact-SQL\">\n<p>Character data string delimiter.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td data-th=\"Input character\">\n<p>-- <\/p>\n<\/td>\n<td data-th=\"Meaning in Transact-SQL\">\n<p>Comment delimiter.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td data-th=\"Input character\">\n<p>\/* ... *\/<\/p>\n<\/td>\n<td data-th=\"Meaning in Transact-SQL\">\n<p>Comment delimiters. Text between \/* and *\/ is not evaluated by the server.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td data-th=\"Input character\">\n<p><strong>xp_<\/strong><\/p>\n<\/td>\n<td data-th=\"Meaning in Transact-SQL\">\n<p>Used at the start of the name of catalog-extended stored procedures, such as <strong>xp_cmdshell<\/strong>.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"content\">\n<p><strong>Tools for testing SQL injection: choose by detection accuracy or by input-vector coverage?<\/strong><\/p>\n<p>\nTo answer this question, we use the benchmark results published by sectoolmarket.com, and we first assume that a candidate scanner's detection accuracy and input-vector coverage are equally important. We treat GET, POST, HTTP Cookie and HTTP Headers as the input vectors that should be supported. When all of these parameters are supported, the scanner's coverage ratio is 100% (4\/4). <\/p>\n<p> We suggest using the following arithmetic formula, that is, taking the average of the two scores for each vulnerability scanner. <\/p>\n<p> Then, from the resulting detection-accuracy percentages, we list the top 14 scanners: <\/p>\n<\/div>\n<p> <a href=\"https:\/\/www.xiaobo.li\/notes\/archives\/564\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[273],"tags":[],"class_list":["post-564","post","type-post","status-publish","format-standard","hentry","category-article"],"_links":{"self":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/comments?post=564"}],"version-history":[{"count":0,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/posts\/564\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/media?parent=564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/categories?post=564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xiaobo.li\/notes\/wp-json\/wp\/v2\/tags?post=564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}