{"title":"UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities","authors":"Jin Huang, Yu Li, Junjie Zhang, Rui Dai","doi":"10.1109/DSN.2019.00064","DOIUrl":null,"url":null,"abstract":"Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.","PeriodicalId":271955,"journal":{"name":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2019.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
