Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Filling type remote bug PoC (proof of concept) writing method and bug detection method

A filling and loophole technology, applied in the network field, can solve the problem of not necessarily mastering programming ability, and achieve the effect of convenient batch vulnerability detection, convenient calling, and simplifying the writing process

Inactive Publication Date: 2017-05-31
北京知道未来信息技术有限公司
View PDF4 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] For many security personnel, due to the research needs of vulnerabilities, they can master network request technology, understand the principle of network requests, and understand vulnerability analysis and manual testing, but because programming ability is not necessary for the process of finding and analyzing vulnerabilities ability, so it is not necessary to master the programming ability. If you want to implement PoC and batch vulnerability testing after discovering the vulnerability, you have to ask others for help, and you have no ability to implement it yourself.
[0010] Therefore, in the traditional PoC writing method, only security personnel with security and programming capabilities can write PoC

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Filling type remote bug PoC (proof of concept) writing method and bug detection method
  • Filling type remote bug PoC (proof of concept) writing method and bug detection method
  • Filling type remote bug PoC (proof of concept) writing method and bug detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The preferred embodiments will be described in detail below in conjunction with the accompanying drawings. It should be emphasized that the following description is only exemplary and not intended to limit the scope of the invention and its application.

[0043] Process flow of the present invention is:

[0044] 1) The framework provides a standard remote PoC writing template

[0045] 2) On the premise that the vulnerability analysis and testing have been completed, the PoC writer then extracts the content corresponding to the items that need to be filled in the template from the vulnerability analysis results according to the filling items of the template, and fills in the requested parameters, addresses, and methods And the result judgment condition (the template on the right of this step is already standard and fixed, and can be filled in through the online page, without sticking to JSON or XML format).

[0046] 3) Output the filled PoC writing template to the PoC ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a filling type remote bug PoC(proof of concept) writing method and a bug detection method. The detection method comprises steps as follows: 1), a plurality of PoC writing templates and a template analysis processing frame are created; 2), a user inputs test information of a target remote bug through the PoC writing templates, and the test information comprises parameters of a bug test HTTP (hypertext transfer protocol) request, a request address, a request method and a result judgment condition; 3), the template analysis processing frame is used for analyzing the PoC writing templates after being filled by the user so as to acquire information required for initiating the HTTP request, and then the HTTP request is generated and executed; 4), the template analysis processing frame judges whether content fed back through execution of the HTTP request contains the target remote bug according to the result judgment condition.

Description

technical field [0001] The invention relates to a filling-type remote loophole PoC writing method and a loophole detection method, belonging to the technical field of networks. Background technique [0002] PoC: Proof of Concept, proof of concept, refers to the verification program of the vulnerability. [0003] Payload: Payload refers to the part of the vulnerability detection code that implements the detection function. PoC is also a type of Payload. [0004] Fuzzing: Fuzz testing, an automatic software testing technique based on defect injection. [0005] General vulnerability: refers to a vulnerability generated in a certain general component (such as Wordpress, Nginx, etc.), and the emergence of such a vulnerability may affect many websites and applications that use this component. [0006] The invention relates to the writing technology of general vulnerability PoC. Today, when vulnerabilities are increasingly abundant and diverse, general vulnerability detection me...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 张祖优
Owner 北京知道未来信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com