Application exception monitoring
Database exception monitoring
During the probing phase of a SQL injection, or the attack phase of an error-based injection, the database typically produces a large number of exceptions. Monitoring these exceptions is therefore an effective way to detect SQL injection attacks. SQL exceptions can be monitored on all databases we currently support, and the exception codes are configurable in the plugin.
The SQL exceptions monitored by default in the plugin are listed below; for details, see the sql_exception detection algorithm in the official plugin.
MySQL

| Error code | Alert sample |
|---|---|
| 1060 | Duplicate column name '5.5.60-0ubuntu0.14.04.1' |
| 1062 | Duplicate entry '::root@localhost::1' for key 'group_key' |
| 1064 | You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') from mysql.user' at line 1 |
| 1105 | XPATH syntax error: '~root@localhost~' |
| 1367 | Illegal non geometric 'user()' value found during parsing |
PostgreSQL

| Error code | Alert sample |
|---|---|
| 42601 | normal syntax error |
| 22P02 | ERROR: invalid input syntax for type double precision: "DATABASE: test1" |
SQLite

| Error code | Alert sample |
|---|---|
| 1 | generic error, such as a syntax error, malformed MATCH expression: ["3.6.23.1] and others |
Oracle

| Error code | Alert sample |
|---|---|
| ORA-01740 | missing double quote in identifier |
| ORA-01756 | quoted string not properly terminated |
| ORA-00907 | missing right parenthesis |
HSQL

| Error code | Alert sample |
|---|---|
| -5583 | malformed quoted identifier |
| -5590 | unexpected end of statement |
SQLServer

| Error code | Alert sample |
|---|---|
| 105 | Unclosed quotation mark after the character string '%.ls'. |
| 245 | Conversion failed when converting the %ls value '%.ls' to data type %ls. |
DB2

| Error code | Alert sample |
|---|---|
| 42603 | The string constant beginning with "'xxx" does not have an ending string |
FAQ
1. "Unable to derive error code from SQL exceptions" error
When the MySQL server and the JDBC driver are incompatible, the SQL error code cannot be extracted from the exception message, and this error is printed instead. For example, JDBC 5.1.46 + MySQL 5.5 exhibits this problem; upgrading the JDBC driver to the version matching the server resolves it.
This error causes database exception monitoring to stop working.
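The following added example (not OpenRASP's own code) shows the error-code matching that the tables above describe, applied to a few constructed exception records, and treats the FAQ case of a missing error code as a reportable failure rather than silently ignoring it. The vendor names, the record format and the sample messages are assumptions made for this example.

```python
from collections import Counter

# Error codes listed on this page as alert-worthy, keyed by database vendor.
# Codes are kept as strings so that "ORA-" prefixes and negative HSQL codes
# compare uniformly with plain integer codes.
SQL_EXCEPTION_CODES = {
    "mysql":  {"1060", "1062", "1064", "1105", "1367"},
    "pgsql":  {"42601", "22P02"},
    "sqlite": {"1"},
    "oracle": {"ORA-01740", "ORA-01756", "ORA-00907"},
    "hsql":   {"-5583", "-5590"},
    "mssql":  {"105", "245"},
    "db2":    {"42603"},
}

def classify_exception(vendor, code, message):
    """Return (verdict, reason) for one database exception record.

    "alert" when the code is monitored for that vendor, "ignore" otherwise,
    and "error" when no code could be derived (the FAQ case), so a broken
    driver pairing is surfaced instead of disabling the check unnoticed.
    """
    if code is None or str(code).strip() == "":
        return "error", "Unable to derive error code from SQL exceptions"
    monitored = SQL_EXCEPTION_CODES.get(vendor.lower())
    if monitored is None:
        return "ignore", "vendor %s not monitored" % vendor
    if str(code) in monitored:
        return "alert", "%s error %s: %s" % (vendor, code, message)
    return "ignore", "%s error %s not in monitored set" % (vendor, code)

# Constructed sample records: (vendor, error code, exception message).
SAMPLE_RECORDS = [
    ("mysql", 1064, "You have an error in your SQL syntax; ..."),
    ("mysql", 1105, "XPATH syntax error: '~root@localhost~'"),
    ("mysql", 1146, "Table 'test.missing' doesn't exist"),  # not monitored
    ("oracle", "ORA-00907", "missing right parenthesis"),
    ("mysql", None, "Communications link failure"),          # FAQ case
]

def summarize(records):
    """Count verdicts over a batch of (vendor, code, message) records."""
    return Counter(classify_exception(v, c, m)[0] for v, c, m in records)

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec[0], rec[1], "->", classify_exception(*rec))
    print(dict(summarize(SAMPLE_RECORDS)))
```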