UChecker:自动检测基于php的无限制文件上传漏洞

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) Pub Date : 2019-06-01 DOI:10.1109/DSN.2019.00064

Jin Huang, Yu Li, Junjie Zhang, Rui Dai

{"title":"UChecker:自动检测基于php的无限制文件上传漏洞","authors":"Jin Huang, Yu Li, Junjie Zhang, Rui Dai","doi":"10.1109/DSN.2019.00064","DOIUrl":null,"url":null,"abstract":"Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.","PeriodicalId":271955,"journal":{"name":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities\",\"authors\":\"Jin Huang, Yu Li, Junjie Zhang, Rui Dai\",\"doi\":\"10.1109/DSN.2019.00064\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.\",\"PeriodicalId\":271955,\"journal\":{\"name\":\"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSN.2019.00064\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSN.2019.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

摘要

无限制文件上传漏洞允许攻击者在web服务器上上传并执行恶意脚本。我们已经建立了一个系统，即UChecker，可以有效地自动检测PHP服务器端web应用程序中的此类漏洞。为此，UChecker首先解释程序源代码的抽象语法树(AST)来执行符号执行。然后使用SMT约束对漏洞进行建模，并进一步利用SMT求解器来验证这些约束的可满足性。UChecker具有新颖的面向漏洞的局域分析算法来减少符号执行的工作量，具有紧凑数据结构的ast驱动的符号执行引擎，以及通过减少语义差距将基于php的约束转换为基于smt的约束的规则。基于实际实例的实验表明，UChecker实现了较高的检测精度。此外，它还检测到三个以前未知的易受攻击的PHP脚本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities

Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

自引率

0.00%

发文量