TL;DR
PHUZZ is a modular, coverage-guided fuzzing framework for PHP web applications. It detects more client-side and server-side vulnerability classes than prior web fuzzers, and its evaluation on artificial and real-world applications, including over 1,000 API endpoints of popular plugins, shows it outperforming existing tools.
Contribution
This work introduces PHUZZ, a novel modular fuzzing framework specifically designed for PHP web applications, addressing the gap in coverage-guided fuzzing for web targets.
Findings
PHUZZ detects more client-side and server-side vulnerability classes than state-of-the-art fuzzers, including SQL injection, remote command injection, insecure deserialization, path traversal, XML external entity injection, cross-site scripting, and open redirection.
Fuzzing over 1,000 API endpoints revealed more than 20 security issues and 2 new CVEs.
PHUZZ outperforms existing fuzzers in both effectiveness and coverage.
Abstract
Coverage-guided fuzz testing has received significant attention from the research community, with a strong focus on binary applications, greatly disregarding other targets, such as web applications. The importance of the World Wide Web in everyone's life cannot be overstated, and to this day, many web applications are developed in PHP. In this work, we address the challenges of applying coverage-guided fuzzing to PHP web applications and introduce PHUZZ, a modular fuzzing framework for PHP web applications. PHUZZ uses novel approaches to detect more client-side and server-side vulnerability classes than state-of-the-art related work, including SQL injections, remote command injections, insecure deserialization, path traversal, external entity injection, cross-site scripting, and open redirection. We evaluate PHUZZ on a diverse set of artificial and real-world web applications with known…
