Computer Engineering and Applications ›› 2020, Vol. 56 ›› Issue (19): 114-119. DOI: 10.3778/j.issn.1002-8331.1907-0090

• Network, Communication and Security •

Server Side Request Forgery Vulnerability Detection System with Graph Traversal Algorithm

YIN Hongji, CHEN Wei

  1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  • Online: 2020-10-01 Published: 2020-09-29

Abstract:

For Web applications written in PHP, a method for detecting and exploiting server-side request forgery (SSRF) vulnerabilities based on a graph traversal algorithm is proposed. An abstract syntax tree is built for each PHP file to obtain its data-flow information, and the transfer and dependency relationships in the data flow are then used to construct a global code property graph. A graph traversal algorithm performs taint analysis on the generated code property graph, yielding the transfer-dependency path graph of each tainted variable. Finally, constraint solving is applied to the information about the functions along each path to detect SSRF vulnerabilities and generate usable attack vectors. The experimental results show that, compared with traditional static audit methods, this approach detects SSRF vulnerabilities well and can automatically generate usable, bypass-capable attack payloads.

Key words: abstract syntax tree, code property graph, taint analysis, Server Side Request Forgery (SSRF), constraint solving
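The taint-analysis stage described in the abstract, sketched as an added example (not the authors' implementation): a depth-first traversal over data-dependency edges that collects every source-to-sink path together with the functions it passes through, which is the input the abstract's constraint-solving stage works on. The graph is constructed sample data, `is_allowed_host` is a hypothetical validation function, and the constraint-solving stage itself is not reproduced.

```python
from collections import defaultdict

# Constructed sample: data-dependency edges of a toy code property graph.
# NODES maps id -> (kind, label); an edge (u, v) means v depends on u.
NODES = {
    1: ("source", "$_GET['url']"),
    2: ("assign", "$u = $_GET['url']"),
    3: ("call", "parse_url"),
    4: ("call", "is_allowed_host"),   # hypothetical allowlist check
    5: ("sink", "curl_exec"),
    6: ("source", "$_POST['img']"),
    7: ("call", "urldecode"),
    8: ("sink", "file_get_contents"),
    9: ("assign", "$fixed = 'https://example.com/'"),
    10: ("sink", "fopen"),            # fed only by a constant, never tainted
}
EDGES = [(1, 2), (2, 3), (3, 4), (4, 5), (2, 5), (6, 7), (7, 8), (9, 10)]
SANITIZERS = {"is_allowed_host"}      # assumption: counts as validation

def taint_paths(nodes, edges):
    """Depth-first traversal from every source; return each source-to-sink path."""
    succ = defaultdict(list)
    for u, v in edges:
        succ[u].append(v)
    found = []

    def walk(node, path):
        if nodes[node][0] == "sink":
            found.append(path)
            return
        for nxt in succ[node]:
            if nxt not in path:       # do not loop on cyclic data flow
                walk(nxt, path + [nxt])

    for nid in sorted(nodes):
        if nodes[nid][0] == "source":
            walk(nid, [nid])
    return found

def report(nodes, edges):
    """For each tainted path, list the functions it passes and a coarse status."""
    out = []
    for path in taint_paths(nodes, edges):
        calls = [nodes[n][1] for n in path if nodes[n][0] == "call"]
        status = "checked" if SANITIZERS & set(calls) else "unchecked"
        out.append((path, calls, status))
    return out

if __name__ == "__main__":
    for path, calls, status in report(NODES, EDGES):
        print(status, " -> ".join(NODES[n][1] for n in path), calls)
```

A "checked" status only records that a validation function lies on the path; whether that validation can be satisfied by a malicious URL is the question the abstract assigns to constraint solving.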