基于容器技术的UnionSQL注入课程实验题设计

打开文本图片集

中图分类号：TP393

文献标识码：A 文章编号：2096-4706（2025）16-0163-05

Design of Union SQL Injection Course Experimental Questions Based on Container Technology

XIANG Xunwen， LYU Bo， ZHANG Zhen， MA Simeng， XU Tao （Huizhou University，Huizhou 516o07，China）

Abstract：This paper presents an experimental question design scheme for Union SQL injection course based on container technology.Ittargets teissuesencounteredintaditionalteachngmodes，includingtecomplexityofsetingupenioments， inadequateteaching effectivenessanddiffcultis inhomeworkassessment.Bythoughtfullycreatingasetofhghlytargeted experimental questions，studentscan progressivelyacquire keysteps suchasbypasing login forms，determining thenumber of columns，and injecting databasenames in Union SQLinjectionthrough practice.Theuseofcontainer technology facilitates therapidcreationofisolatedpracticeenvironmentsforeach student，ensuringthatthereisnointerferencebetweendiferent environments.Furthermore，eachstudent'sanswer tothesamequestionisunique，andthequestions areinfused withrandom elements.This guarantees thatthe steps needed to solve thesamequestionvaryforeach student， herebyefectivelydiminishing the chances of cheating.

Keywords：containter;CTF; SQL injection; experimental questior

0 引言

在面向网络空间安全专业学生的SQL注入教学中，通常首先讲解UnionSQL注入（联合SQL注入），涉及的内容包括SQL查询语句的基础语法、SQL注入的原理、Union关键词的用法、字段数的判断、数据库名查询、表名查询、字段名查询、表中数据查询等，步骤较多，完整讲解和演示这些内容需要花费大量时间[1-3]。（剩余6973字）