Abstract:
This paper introduces TDS protocol and communication between SQL Server database systems. Fuzzer for TDS protocol is done. Special packets are designed and three test methods of data mutation, string and field combination are implemented. The validity of the tool is proved by testing two known vulnerabilities of MS SQL Server.
Key words:
TDS protocol,
MS SQL Server,
block-based protocol analysis,
fuzzing
摘要: 在分析SQL Server数据库通信框架和TDS协议结构的基础上,编写了Fuzzer工具——TDS_fuzzer。该测试工具针对TDS协议设计特殊数据包,实现了数据转变、字符串、字段组合这3种测试方法。通过测试MS SQL Server的2个重要漏洞,验证了其有效性。
关键词:
表格格式数据流协议,
MS SQL Server数据库,
基于块的协议分析,
模糊化处理
CLC Number:
YU Jing; LU Yun-ping. Test Technique of Security Based on TDS Protocol[J]. Computer Engineering, 2008, 34(5): 134-135,.
余 静;鲁云萍. 基于TDS协议的安全性测试技术[J]. 计算机工程, 2008, 34(5): 134-135,.