UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities

Jin Huang, Yu Li, Junjie Zhang, Rui Dai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that were previously unknown.

Original language: English
Title of host publication: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Publisher: IEEE
Pages: 581-592
Number of pages: 12
ISBN (Electronic): 978-1-7281-0057-9, 978-1-7281-0056-2
ISBN (Print): 978-1-7281-0058-6
State: Published - Aug 22 2019
Event: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 - Portland, United States
Duration: Jun 24 2019 to Jun 27 2019

Conference

Conference: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Country/Territory: United States
City: Portland
Period: 6/24/19 to 6/27/19

ASJC Scopus Subject Areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Keywords

  • detection
  • program analysis
  • symbolic execution
  • vulnerability
  • web security
  • Servers
  • Arrays
  • Syntactics
  • Semantics
  • Indexes
  • Analytical models
  • Web Application

Disciplines

  • Computer Sciences
  • Engineering
