Relational databases are integral to modern information systems, serving as
the foundation for storing, querying, and managing data efficiently and
effectively. Advancements in large language modeling have led to the emergence
of text-to-SQL technologies, significantly enhancing the querying and
extracting of information from these databases and raising concerns about
privacy and security. Our research extracts the database schema elements
underlying a text-to-SQL model. Knowledge of the schema can make attacks such
as SQL injection easier. By asking specially crafted questions, we have
developed a zero-knowledge framework designed to probe various database schema
elements without knowledge of the database itself. The text-to-SQL models then
process these questions to produce an output that we use to uncover the
structure of the database schema. We apply it to specialized text-to-SQL models
fine-tuned on text-SQL pairs and generative language models used for SQL
generation. Overall, we can reconstruct the table names with an F1 of nearly
.75 for fine-tuned models and .96 for generative.

通过特别设计的问题，我们开发了一种零知识的框架，用于探测数据库模式的各种元素，从而揭示数据库模式的结构。我们将其应用于文本到 SQL 模型和生成语言模型，可以在细调模型中以近.75 的 F1 值和生成模型中以.96 的 F1 值重建表名。

揭示数据库的漏洞：文本到 SQL 系统中的零知识模式推理攻击

Unmasking Database Vulnerabilities: Zero-Knowledge Schema Inference  Attacks in Text-to-SQL Systems

Due to the increasing sophistication of web attacks, Web Application
Firewalls (WAFs) have to be tested and updated regularly to resist the
relentless flow of web attacks. In practice, using a brute-force attack to
discover vulnerabilities is infeasible due to the wide variety of attack
patterns. Thus, various black-box testing techniques have been proposed in the
literature. However, these techniques suffer from low efficiency. This paper
presents Reinforcement-Learning-Driven and Adaptive Testing (RAT), an automated
black-box testing strategy to discover injection vulnerabilities in WAFs. In
particular, we focus on SQL injection and Cross-site Scripting, which have been
among the top ten vulnerabilities over the past decade. More specifically, RAT
clusters similar attack samples together. It then utilizes a reinforcement
learning technique combined with a novel adaptive search algorithm to discover
almost all bypassing attack patterns efficiently. We compare RAT with three
state-of-the-art methods considering their objectives. The experiments show
that RAT performs 33.53% and 63.16% on average better than its counterparts in
discovering the most possible bypassing payloads and reducing the number of
attempts before finding the first bypassing payload when testing
well-configured WAFs, respectively.

本文介绍了一种基于强化学习驱动的自适应黑盒测试策略，用于发现 Web 应用防火墙中的注入漏洞，通过聚类攻击样本并结合自适应搜索算法，有效地发现几乎所有的绕过攻击模式，实验证明该方法在测试配置良好的 WAF 时相比于其他方法可提高 33.53% 的绕过有效载荷发现率，并在找到第一个绕过有效载荷之前减少 63.16% 尝试次数。