Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (4): 380-386.

Previous Articles     Next Articles

Method on the Detection of Second-Order Vulnerability for PHP Applications


  • Received:2018-04-20 Online:2018-04-15 Published:2018-04-20



  1. 1. 四川大学电子信息学院
    2. 四川大学 网络空间学院
    3. 四川大学信息安全研究所
    4. 成都市计量检定测试院
  • 通讯作者: 周航
  • 作者简介:周航 硕士,主要研究方向为Web安全、网络攻防技术. 方勇 博士,教授,主要研究方向为信息安全、网络信息对抗. 黄诚 博士,主要研究方向为信息安全、网络攻防技术. 刘亮 硕士,讲师,主要研究方向为网络系统与信息安全. 陈兴刚 工程师,主要研究方向为计算机应用.

Abstract: Traditional vulnerability detection tools are used for detecting Web second-order vulnerability. However, the false positive rate is generally high. To solve this problem, the generation principle of second-order vulnerability was studied. A method of second-order vulnerability detection based on static analysis was proposed and the corresponding automation tool CodeAn was implemented. First, all the statements of creating table were extracted to rebuild the database structure using syntax analysis. Then, the control flow graph constructed by abstract syntax tree was used to analyze the data flow of the database read-write operation. With the analysis of sinks and sanitizers, the second-order Web vulnerability detection method of PHP applications was achieved.

Key words: vulnerability detection, static analysis, second-order vulnerability, data flow analysis, control flow graph

摘要: 传统的漏洞检测工具在对Web二阶漏洞进行检测时,普遍存在误报率高的缺点.为了解决这类问题,针对二阶漏洞漏洞产生原理进行了研究,提出了一种基于静态分析的二阶漏洞检测方法,并实现了相应的自动化工具CodeAn.该方法首先对所有数据表创建语句进行提取,并利用语法分析重建数据库结构;然后通过遍历抽象语法树构建的控制流图对数据库的读写过程进行数据流分析,再结合敏感函数和净化函数分析,从而实现对PHP应用中Web二阶漏洞的检测.

关键词: 漏洞检测, 静态分析, 二阶漏洞, 数据流分析, 控制流图