UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities
Unrestricted file upload vulnerabilities enable attackers to upload and execute malicious scripts in web servers. We have built a system, namely UChecker, to effectively and automatically detect such vulnerabilities in PHP server-side web applications. Towards this end, UChecker first interprets abstract syntax trees (AST) of program source code to perform symbolic execution. It then models vulnerabilities using SMT constraints and further leverages an SMT solver to verify the satisfiability of these constraints. UChecker features a novel vulnerability-oriented locality analysis algorithm to reduce the workload of symbolic execution, an AST-driven symbolic execution engine with compact data structures, and rules to translate PHP-based constraints into SMT-based constraints by mitigating their semantic gaps. Experiments based on real-world examples have demonstrated that UChecker has accomplished a high detection accuracy. In addition, it detected three vulnerable PHP scripts that are previously unknown.
& Dai, R.
(2019). UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities. Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019, 581-592.