DSpace@MIT

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks

Research and Teaching Output of the MIT Community


dc.contributor Michael Ernst en_US
dc.contributor Program Analysis en_US
dc.contributor.author Kiezun, Adam en_US
dc.contributor.author Guo, Philip J. en_US
dc.contributor.author Jayaraman, Karthick en_US
dc.contributor.author Ernst, Michael D. en_US
dc.date.accessioned 2008-09-25T19:00:06Z
dc.date.available 2008-09-25T19:00:06Z
dc.date.issued 2008-09-10
dc.identifier local: MIT-CSAIL-TR-2008-054
dc.identifier.uri http://hdl.handle.net/1721.1/42836
dc.description.abstract We present a technique for finding security vulnerabilities in Web applications. SQL Injection (SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the attacker crafts the input to the application to access or modify user data and execute malicious code. In the most serious attacks (called second-order, or persistent, XSS), an attacker can corrupt a database so as to cause subsequent users to execute malicious code. This paper presents an automatic technique for creating inputs that expose SQLI and XSS vulnerabilities. The technique generates sample inputs, symbolically tracks taints through execution (including through database accesses), and mutates the inputs to produce concrete exploits. Ours is the first analysis of which we are aware that precisely addresses second-order XSS attacks. Our technique creates real attack vectors, has few false positives, incurs no runtime overhead for the deployed application, works without requiring modification of application code, and handles dynamic programming-language constructs. We implemented the technique for PHP, in a tool Ardilla. We evaluated Ardilla on five PHP applications and found 68 previously unknown vulnerabilities (23 SQLI, 33 first-order XSS, and 12 second-order XSS). en_US
dc.format.extent 11 p. en_US
dc.relation.ispartofseries Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory en_US
dc.subject reliability en_US
dc.subject dynamic analysis en_US
dc.subject dynamic taint en_US
dc.title Automatic Creation of SQL Injection and Cross-Site Scripting Attacks en_US
dc.identifier.citation en_US


Files in this item

Name Size Format Description
MIT-CSAIL-TR-2008 ... 394.1Kb PDF
MIT-CSAIL-TR-2008 ... 72.13Kb Postscript

This item appears in the following Collection(s)

MIT-Mirage