Static detection of execution after redirect vulnerabilities in PHP applications

Abstract

In recent years, modern web applications are becoming more and more complex and it makes difficult for developers to audit the code. The number of attacks against these applications has increased rapidly. Automated detection techniques for web applications are badly in need. Execution after execution (EAR) vulnerability is a kind of logic flaws for web application. It allows the server-side execution continuing after the intended halting point. This may result in serious consequences such as information leakage. In this paper, we propose a path-sensitive inter-procedural analysis to detect EAR vulnerabilities in PHP web applications. The analysis improves the traditional detection method by verifying the path conditions and considers more details which may influence the false-positive rate. We have shown how our approach can handle situations where other existing tools may fail by some real-world examples.