Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Articles 1 - 1 of 1
Full-Text Articles in Physical Sciences and Mathematics
UFuzzer: Lightweight Detection Of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis, Jin Huang, Junjie Zhang, Jialun Liu, Chuang Li
Computer Science and Engineering Faculty Publications
Unrestricted file upload vulnerabilities enable attackers to upload malicious scripts to a web server for later execution. We have built a system, namely UFuzzer, to effectively and automatically detect such vulnerabilities in PHP-based server-side web programs. Different from existing detection methods that use either static program analysis or fuzzing, UFuzzer integrates both (i.e., static-fuzzing co-analysis). Specifically, it leverages static program analysis to generate executable code templates that compactly and effectively summarize the vulnerability-relevant semantics of a server-side web application. UFuzzer then “fuzzes” these templates in a local, native PHP runtime environment for vulnerability detection. Compared to static-analysis-based methods, UFuzzer preserves …