FUSE: Finding File Upload Bugs via Penetration Testing

Lee, Taekjin; Wi, Seongil; Lee, Suyong; Son, Sooel

doi:10.14722/ndss.2020.23126

Cited by 13 publications

(7 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ostrich [57], Black Widow [58], Bleem [59], Censys [61], Chainsaw [62], Chucky [63], Commix [64], CryptoGuard [65], CuPerFuzzer [66], Deemon [67], Delta [68], Diane [70], EBF [71], ELAID [72], ESASCF [73], ESRFuzzer [74], FUGIO [77], FUSE [78],…”

Section: Discussionmentioning

confidence: 99%

“…AIBugHunter [52], ARMONY [53], AVAIN [55], AVAIN [55], Autosploit [54], Bbuzz [56], Black Ostrich [57], Black Widow [58], Bleem [59], Cairis [60], Censys [61], Chainsaw [62], Chucky [63], Commix [64], CryptoGuard [65], CuPerFuzzer [66], DFBC [69], Deemon [67], Delta [68], Delta [68], Diane [70], EBF [71], ELAID [72], ESASCF [73], ESRFuzzer [74], ESSecA [75], FUGIO [77], FUSE [78], Firmaster [76], Gail-PT [79], Gail-PT [79], HILTI [82], HILTI [82], IoTFuzzer [83], JCOMIX [84], LAID [85], LTESniffer [88], Link [86], Lore [87], Mace [89], MaliceScript [92], MaliceScript [92], Masat [93], Mirage [94], Mirage [94], Mitch [95], MoScan …”

Section: Reconnaissancementioning

confidence: 99%

“…Black Ostrich [57], Black Widow [58], Censys [61], Chainsaw [62], Commix [64], Deemon [67], ESASCF [73], ESSecA [75], FUGIO [77], FUSE [78], Firmaster [76], Gail-PT [79], JCOMIX [84], Link [86], Lore [87], MAL [91], Mace [89], MaliceScript [92], Masat [93], Mitch [95], NAUTILUS [97], NAVEX [98], NetCAT [99], No Name (CSRF) [101], NodeXP [104], OSV [107], ObjectMap [105], PURITY [117], Pentest-GPT [113], PhpSAFE [114], Pyciuti [118], RAT [119], Revealer [120], Robin [122], SOA-Scanner [130], SVED [133], Scanner++ [125], SerialDetector [127], ShoVAT [128], TChecker [135], TORPEDO [136], VAPE-BRIDGE [139], VERA [140], Vulcan [142], Vulnet [145], WAPTT [148], WebFuzz…”

Section: Reconnaissancementioning

confidence: 99%

See 2 more Smart Citations

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Reconnaissancementioning

confidence: 99%

Section: Reconnaissancementioning

confidence: 99%

See 1 more Smart Citation

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…Taekjin et al [54] proposed a penetration testing system FUSE for identifying file upload vulnerabilities. The system uses dynamic analysis technology to send test requests when the web application is running, and check whether the file upload is successful through the file monitoring module.…”

Section: Dynamic Methodsmentioning

confidence: 99%

Cefuzz: An Directed Fuzzing Framework for PHP RCE Vulnerability

Zhao

Zhu

et al. 2022

Electronics

View full text Add to dashboard Cite

Current static detection technology for web application vulnerabilities relies highly on specific vulnerability patterns, while dynamic analysis technology has the problem of low vulnerability coverage. In order to improve the ability to detect unknown web application vulnerabilities, this paper proposes a PHP Remote Command/Code Execution (RCE) vulnerability directed fuzzing method. Our method is a combination of static and dynamic methods. First, we obtained the potential RCE vulnerability information of the web application through fine-grained static taint analysis. The,n we performed instrumentation for the source code of the web application based on the potential RCE vulnerability information to provide feedback information for fuzzing. Finally, a loop feedback web application vulnerability automatic verification mechanism was established in which the vulnerability verification component provides feedback information, and the seed mutation component improves the vulnerability test seed based on the feedback information. On the basis of this method, the prototype system Cefuzz (Command/Code Execution Fuzzer) is implemented. Thorough experiments show that, compared with the existing web application vulnerability detection methods, Cefuzz significantly improves the verification effect of RCE vulnerabilities, discovering 13 unknown vulnerabilities in 10 popular web CMSes.

show abstract

“…We provide a detailed comparison in §IV-C. Finally, a multitude of other works have focused on identifying specific flaws, such as client-side XSS [36], [55], [54], CSRF [16], [33] and unrestricted file uploads [35].…”

Section: Related Workmentioning

confidence: 99%

ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Drakonakis¹,

Ioannidis²,

Polakis³

2023

Proceedings 2023 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Black-box web vulnerability scanners are invaluable for security researchers and practitioners. Despite recent approaches tackling some of the inherent limitations of scanners, many have not sufficiently evolved alongside web browsers and applications, and often lack the capabilities for handling the inherent challenges of navigating and interacting with modern web applications. Instead of building an alternative scanner that could naturally only incorporate a limited set of the wide range of vulnerability-finding capabilities offered by the multitude of existing scanners, in this paper we propose an entirely different strategy. We present ReScan, a scanner-agnostic middleware framework that transparently enhances scanners' capabilities by mediating their interaction with web applications in a realistic and robust manner, using an orchestrated, fully-fledged modern browser. In essence, our framework can be used in conjunction with any vulnerability scanner, thus allowing users to benefit from the capabilities of existing and future scanners. Our extensible and modular framework includes a collection of enhancement techniques that address limitations and obstacles commonly faced by state-ofthe-art scanners. Our experimental evaluation demonstrates that despite the considerable (and expected) overhead introduced by a fully-fledged browser, our framework significantly improves the code coverage achieved by popular scanners (168% on average), resulting in a 66% and 161% increase in the number of reflected and stored XSS vulnerabilities detected, respectively.

show abstract

FUSE: Finding File Upload Bugs via Penetration Testing

Cited by 13 publications

References 30 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Cefuzz: An Directed Fuzzing Framework for PHP RCE Vulnerability

ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Contact Info

Product

Resources

About