Automatically Generating Searchable Fingerprints For WordPress Plugins Using Static Program Analysis
Publication Date
2022
Document Type
Thesis
Committee Members
Junjie Zhang, Ph.D. (Advisor); Krishnaprasad Thirunarayan, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member)
Degree Name
Master of Science (MS)
Abstract
This thesis introduces a novel method to automatically generate fingerprints for WordPress plugins. Our method performs static program analysis using Abstract Syntax Trees (ASTs) of WordPress plugins. The generated fingerprints can be used for identifying these plugins using search engines, which can support critical applications such as proactively identifying web servers with vulnerable WordPress plugins. We have used our method to generate fingerprints for over 10,000 WordPress plugins and analyzed the resulting fingerprints. Our fingerprints have also revealed 453 websites that are potentially vulnerable. We have also compared fingerprints for vulnerable plugins and those for vulnerability-free plugins.
Page Count
44
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
2022
Copyright
Copyright 2022, some rights reserved. My ETD may be copied and distributed only for non-commercial purposes and may not be modified. All use must give me credit as the original author.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.