Method on the Detection of Second-Order Vulnerability for PHP Applications

Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (4): 380-386.

Previous Articles Next Articles

Method on the Detection of Second-Order Vulnerability for PHP Applications

Received:2018-04-20 Online:2018-04-15 Published:2018-04-20

针对PHP应用的二阶漏洞检测方法

周航¹,方勇²,黄诚³,刘亮²,陈兴刚⁴

1. 四川大学电子信息学院
2. 四川大学网络空间学院
3. 四川大学信息安全研究所
4. 成都市计量检定测试院

通讯作者: 周航
作者简介:周航硕士，主要研究方向为Web安全、网络攻防技术. 方勇博士，教授，主要研究方向为信息安全、网络信息对抗. 黄诚博士，主要研究方向为信息安全、网络攻防技术. 刘亮硕士，讲师，主要研究方向为网络系统与信息安全. 陈兴刚工程师，主要研究方向为计算机应用.

Abstract

Abstract: Traditional vulnerability detection tools are used for detecting Web second-order vulnerability. However, the false positive rate is generally high. To solve this problem, the generation principle of second-order vulnerability was studied. A method of second-order vulnerability detection based on static analysis was proposed and the corresponding automation tool CodeAn was implemented. First, all the statements of creating table were extracted to rebuild the database structure using syntax analysis. Then, the control flow graph constructed by abstract syntax tree was used to analyze the data flow of the database read-write operation. With the analysis of sinks and sanitizers, the second-order Web vulnerability detection method of PHP applications was achieved.

Key words: vulnerability detection, static analysis, second-order vulnerability, data flow analysis, control flow graph

摘要： 传统的漏洞检测工具在对Web二阶漏洞进行检测时，普遍存在误报率高的缺点．为了解决这类问题，针对二阶漏洞漏洞产生原理进行了研究，提出了一种基于静态分析的二阶漏洞检测方法，并实现了相应的自动化工具CodeAn．该方法首先对所有数据表创建语句进行提取，并利用语法分析重建数据库结构；然后通过遍历抽象语法树构建的控制流图对数据库的读写过程进行数据流分析，再结合敏感函数和净化函数分析，从而实现对PHP应用中Web二阶漏洞的检测．

关键词: 漏洞检测, 静态分析, 二阶漏洞, 数据流分析, 控制流图

周航方勇黄诚刘亮陈兴刚. 针对PHP应用的二阶漏洞检测方法[J]. 信息安全研究, 2018, 4(4): 380-386.

References

[1] Zapponi C. Programming languages and GitHub[J/OL]. [2017-11-10]. http://githut.info/ [2] Nguyen-Tuong A, Guarnieri S, Greene D, et al. Automatically Hardening Web Applications Using Precise Tainting[J]. Ifip Advances in Information & Communication Technology, 2005, 181:372--382. [3] 霍志鹏. 基于静态分析的PHP代码缺陷检测[D]. 北京：北京邮电大学, 2015 [4] 王蕾, 李丰, 李炼,等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017, 28(4):860-882 [5] 王耀辉, 王丹, 付利华. 面向PHP程序的SQL漏洞检测系统[J]. 计算机工程, 2016, 42(4):112-118 [6] Yan L, Li X, Feng R, et al. Detection method of the second-order SQL injection in web applications [C] //International Workshop on Structured Object-Oriented Formal Language and Method. Springer, Cham, 2013: 154-165. [7] 田玉杰,赵泽茂,张海川,李学双.二阶SQL注入攻击防御模型[J].信息网络安全,2014(11):70-73 [8] Backes M, Rieck K, Skoruppa M, et al. Efficient and flexible discovery of PHP application vulnerabilities [C] //Proc of IEEE European Symp on Security and Privacy.Piscataway,NJ: IEEE, 2017:334-349 [9] Papagiannis I, Migliavacca M, Pietzuch P. PHP aspis: Using partial taint tracking to protect against injection attacks [C] //Proc of USENIX Conf on Web Application Development. Berkeley:USENIX Association, 2011:2-2 [10] Cao D, Bai D. Design and implementation for SQL parser based on ANTLR [C] //Proc of Int Conf on Computer Engineering and Technology. Piscataway,NJ: IEEE, 2010:V4-276-V4-279 [11] 夏玉辉, 张威, 万琳,等. 一种基于控制流图的静态测试方法[C]// 全国软件测试会议与移动计算、栅格、智能化高级论坛会议录.武汉: 中国计算机学会容错计算专业委员会, 2009 [12 聂世超. PHP程序静态分析系统的设计与实现[D]. 长春：吉林大学, 2011 [13 The PHP Group.References explained[EB/OL]. [2017-11-10]. http://php.net/manual/zh/language.references.php [14 Xie Y, Aiken A. Static detection of security vulnerabilities in scripting languages [C] //Proc of USENIX Security Symp. Berkeley:USENIX Association, 2006:179-192 [15] Ouni A, Kessentini M, Inoue K, et al. Search-based Web Service Antipatterns Detection[J]. IEEE Transactions on Services Computing, 2015, PP(99):1-1

Method on the Detection of Second-Order Vulnerability for PHP Applications

针对PHP应用的二阶漏洞检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 10

Recommended Articles

Metrics

[1]	. Obfuscated Android Malware Detection Based on Random Forest [J]. Journal of Information Security Research, 2021, 7(2): 126-135.
[2]	. An Android Malicious Code Detection Method Based on Native Code Features [J]. Journal of Information Security Research, 2018, 4(6): 511-517.
[3]	. The Study of Defect Patterns Matching Based on Static Analysis [J]. Journal of Information Security Research, 2018, 4(4): 359-363.
[4]	. Research on security audit method of source code [J]. Journal of Information Security Research, 2018, 4(11): 977-986.
[5]	. Research on Android Application Permission Monitor [J]. Journal of Information Security Research, 2017, 3(2): 139-144.
[6]	. A High Code Coverage Static and Dyamic Combined Fuzzing Method [J]. Journal of Information Security Research, 2016, 2(8): 699-705.
[7]	Sun Wei. A Review on Cross-Site Scripting [J]. Journal of Information Security Research, 2016, 2(12): 1068-1080.
[8]	Sun Wei. Research and Application of Security Data Space Construction Method [J]. Journal of Information Security Research, 2016, 2(12): 1098-1104.
[9]	Zhang Bingqi Sun Wei. A PHP Source-code SQL Injection Attack Detection Algorithm Based on Taint Tracking [J]. Journal of Information Security Research, 2015, 1(2): 140-148.
[10]	Sun Wei Chen Lin. A C# Source Code SQL Injection Attack Detection Algorithm Based on Abstract Syntax Tree [J]. Journal of Information Security Research, 2015, 1(2): 112-125.