A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities
Mazharul Islam, MD. Nazmuddoha Ansary, Novia Nurain, Salauddin Parvez, Shams, and A. B. M. Alim Al Islam

TL;DR
This paper introduces a finite state machine model to analyze and exploit combinations of vulnerabilities in live websites, demonstrating how interconnected weaknesses can be exploited to cause significant damage.
Contribution
It presents a novel FSM-based approach to identify and leverage connections among multiple website vulnerabilities, enhancing attack strategies.
Findings
Effective in analyzing vulnerabilities on real websites
Demonstrates the potential for combined vulnerabilities to cause greater harm
Provides a new method for vulnerability connection analysis
Abstract
The recent emergence of new vulnerabilities is an epoch-making problem in the complex world of website security. Most websites fail to keep up to date to defend against these new vulnerabilities, and are left exposed without their weaknesses being realized. As a result, when cyber-criminals scour such vulnerable websites running old versions, the scanner reports a set of vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable websites. Furthermore, a combination of different vulnerabilities is able to cause more damage than anticipated. Therefore, in this paper, we endeavor to find connections among various vulnerabilities such as cross-site scripting, local file inclusion, remote file inclusion, buffer overflow, CSRF, etc. To do so, we develop a Finite…
