| 采用图遍历算法的服务端请求伪造漏洞检测 |
| |
| 引用本文: | 印鸿吉,陈伟.采用图遍历算法的服务端请求伪造漏洞检测[J].计算机工程与应用,2020,56(19):114-119. |
| |
| 作者姓名: | 印鸿吉 陈伟 |
| |
| 作者单位: | 南京邮电大学 计算机学院,南京 210023 |
| |
| 基金项目: | 国家自然科学基金青年基金 |
| |
| 摘 要: | 针对基于PHP语言开发的Web应用系统,提出了一种基于图遍历算法的服务端请求伪造漏洞检测和利用方法。通过构建抽象语法树,获取每个文件的数据流信息,进而利用数据流中的传递依赖关系构造全局的代码属性图,使用图遍历算法对生成的代码属性图进行污点分析,得到污点变量的代码传递依赖路径图,最后使用约束求解的方法对路径图中的经过函数信息进行漏洞检测并生成可利用的攻击向量。实验结果表明,这种检测方式相较于传统的静态审计方法能够很好地发现服务端请求伪造漏洞,并能够自动化生成可绕过的攻击向量。
|
| 关 键 词: | 抽象语法树 代码属性图 污点分析 服务端请求伪造 约束求解 |
Server Side Request Forgery Vulnerability Detection System with Graph Traversal Algorithm |
| |
| YIN Hongji,CHEN Wei.Server Side Request Forgery Vulnerability Detection System with Graph Traversal Algorithm[J].Computer Engineering and Applications,2020,56(19):114-119. |
| |
| Authors: | YIN Hongji CHEN Wei |
| |
| Affiliation: | College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210023, China |
| |
| Abstract: | In view of the Web application system based on PHP language, a method for detecting and exploiting server side request forgery vulnerabilities based on graph traversal algorithm is proposed. By constructing abstract syntax tree of PHP files, the data flow information of each file is obtained, and global code property graph can be constructed by transfer and dependency relationship in the data flow. The generated code property graph is analyzed by graph traversal algorithm, and the transfer path graph of taint variable is obtained. Finally, the function information in the path graph is analyzed by constraint solving method to detect server side request forgery vulnerabilities and generate available attack vectors. The experimental results show that compared with the traditional static audit method, this detection method can find the server side request forgery vulnerabilities well, and can automatically generate bypassing and available attack payloads. |
| |
| Keywords: | abstract syntax tree code property graph taint analysis Server Side Request Forgery(SSRF) constraint solving |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
