A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities
The recent emergence of new vulnerabilities is an epoch-making problem in the
complex world of website security. Most websites fail to keep up with the
updates that would protect them from these new vulnerabilities, leaving their
weaknesses unnoticed. As a result, when cyber-criminals scan such vulnerable,
outdated websites, the scanner reports a set of vulnerabilities. Once found,
these vulnerabilities are then exploited to steal data, distribute malicious
content, or inject defacement and spam content into the vulnerable websites.
Furthermore, a combination of different vulnerabilities can cause more damage
than anticipated.
Therefore, in this paper, we endeavor to find connections among various
vulnerabilities such as cross-site scripting, local file inclusion, remote file
inclusion, buffer overflow, CSRF, etc. To do so, we develop a Finite State
Machine (FSM) attacking model, which analyzes a set of vulnerabilities in order
to find connections among them. We demonstrate the efficacy of our model by
applying it to the set of vulnerabilities found on two live websites.

Comment: Accepted at 5th International Conference on Networking, Systems and
Security (5th NSysS 2018)