Abstract

Current static detection techniques for web application vulnerabilities rely heavily on specific vulnerability patterns, while dynamic analysis techniques suffer from low vulnerability coverage. To improve the ability to detect unknown web application vulnerabilities, this paper proposes a directed fuzzing method for PHP Remote Command/Code Execution (RCE) vulnerabilities. Our method combines static and dynamic analysis. First, we obtain potential RCE vulnerability information about the web application through fine-grained static taint analysis. Then we instrument the web application's source code based on that potential RCE vulnerability information so that it provides feedback to the fuzzer. Finally, a closed-loop automatic vulnerability verification mechanism is established, in which the vulnerability verification component provides feedback information and the seed mutation component improves the vulnerability test seeds based on that feedback. On the basis of this method, the prototype system Cefuzz (Command/Code Execution Fuzzer) is implemented. Thorough experiments show that, compared with existing web application vulnerability detection methods, Cefuzz significantly improves the verification of RCE vulnerabilities, discovering 13 unknown vulnerabilities in 10 popular web CMSes.
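As an added illustration of the first two stages described above (it is not code from the Cefuzz paper or its authors), the following Python example runs a deliberately simplified taint pass over a constructed PHP snippet to collect potential RCE sink sites, then instruments the source with a feedback probe before each site. The source/sink/sanitizer rule set, the `cefuzz_probe` runtime helper and the sample PHP are all assumptions made for the example.

```python
import re
# Hypothetical, deliberately small rule set; the paper's real taint rules are not given on the page.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "eval")
SANITIZERS = ("escapeshellarg", "escapeshellcmd", "intval")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+?);\s*$")
CALL_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\((.*)\)\s*;")
VAR_RE = re.compile(r"\$\w+")

def is_tainted(expr, tainted):
    """True if expr reads a source or an already tainted variable and applies no sanitizer."""
    if any(s + "(" in expr for s in SANITIZERS):
        return False
    if any(src in expr for src in SOURCES):
        return True
    return any(v in tainted for v in VAR_RE.findall(expr))

def analyze(php_source):
    """Forward intra-procedural taint pass over a flat PHP snippet (no branches or calls).
    Returns (line_no, sink_name, argument_expr) for each sink reached by unsanitized input."""
    tainted, candidates = set(), []
    for no, line in enumerate(php_source.splitlines(), 1):
        call = CALL_RE.search(line)
        if call and is_tainted(call.group(2), tainted):
            candidates.append((no, call.group(1), call.group(2).strip()))
        assign = ASSIGN_RE.match(line)
        if assign:
            var, rhs = assign.groups()
            # Propagate taint through the assignment; a clean overwrite clears it.
            (tainted.add if is_tainted(rhs, tainted) else tainted.discard)(var)
    return candidates

def instrument(php_source, candidates):
    """Insert a feedback probe (cefuzz_probe is a hypothetical runtime helper) before each
    candidate sink so the fuzzing loop can learn when a mutated request reaches it."""
    probe_at = {no: (sink, args) for no, sink, args in candidates}
    out = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if no in probe_at:
            sink, args = probe_at[no]
            out.append(f'cefuzz_probe({no}, "{sink}", {args}); // added by instrumentation')
        out.append(line)
    return "\n".join(out)

# Constructed sample target, not code from any real CMS.
SAMPLE_PHP = "\n".join([
    "<?php", "$dir = $_GET['dir'];", "$safe = escapeshellarg($_GET['name']);",
    "$cmd = \"ls \" . $dir;", "$out = shell_exec($cmd);", "system(\"cat \" . $safe);",
    "$n = intval($_POST['n']);", "eval($_REQUEST['code']);",
])
```

Running `analyze(SAMPLE_PHP)` reports the `shell_exec` call on line 5 (reached via `$dir` and `$cmd`) and the `eval` on line 8, while the `escapeshellarg`-guarded `system` call is not reported; `instrument` then emits the same PHP with a probe line ahead of each reported sink.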

Highlights

  • In response to these challenges, this paper proposes a PHP Remote Command/Code Execution (RCE) vulnerability detection algorithm based on guided fuzzing

  • Experimental results show that Cefuzz detects 13 unknown vulnerabilities in 10 popular web CMSes, which demonstrates that Cefuzz is considerably more effective at discovering unknown vulnerabilities than the current popular web vulnerability detection methods

  • Attackers can obtain the highest privileges on the target system through an RCE vulnerability, which may lead to tremendous damage


Summary

Introduction

Web applications are the primary way the Internet provides information and services today. There are various types of vulnerabilities in web applications, among which RCE vulnerabilities, namely Remote Command Execution [3] and Remote Code Execution [4], are the most common and serious. Using these two types of vulnerabilities, attackers can execute system commands or arbitrary code on the target system to obtain system privileges, compromise the integrity and availability of the target system, and steal users' private information. Because the PHP language is so widely used in web applications, PHP web applications contain a large number of security vulnerabilities. To this end, this paper mainly studies detection methods for PHP RCE vulnerabilities.

