A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)
Federico De Meo, Luca Viganò

TL;DR
This paper introduces a formal method and an automated tool for analyzing and exploiting multi-stage web application attacks that involve file-system vulnerabilities, enhancing security assessment capabilities.
Contribution
It presents a novel formal framework for representing and reasoning about file-system vulnerabilities and their interaction with other vulnerabilities like SQL injection.
Findings
The tool can generate complex multi-stage attack scenarios.
It successfully exploits vulnerabilities in real-world case studies.
The approach outperforms existing tools in identifying sophisticated attacks.
Abstract
Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, security analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might interact with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file-system vulnerabilities, and then, based on this classification, we present a formal approach that allows one to exploit file-system vulnerabilities. We give a formal representation of web applications, databases and file-systems, and show how to reason about file-system vulnerabilities. We also show how to combine file-system vulnerabilities and SQL-Injection vulnerabilities for the identification…
Taxonomy
Topics: Security and Verification in Computing · Web Application Security Vulnerabilities · Advanced Malware Detection Techniques
