EARs in the wild: Large-scale analysis of Execution After Redirect Vulnerabilities

Pierre Payet, Adam Doupe, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

6 Citations (Scopus)

Abstract

Execution After Redirect (EAR) vulnerabilities, logic flaws in web applications where code the developer intended to be unreachable is executed after a redirect is issued, have received little attention from the research community. In fact, we found a research paper that incorrectly modeled redirect semantics, causing its static analysis to miss EAR vulnerabilities. To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employed a black-box approach that finds EARs that manifest themselves through information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.
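The abstract describes two things a practitioner will want to see concretely: the code pattern that produces an EAR (a redirect that is issued but does not halt the request, so the privileged code after it still runs and its output lands in the 3xx response body) and a black-box check that classifies a redirect response by whether its body leaks page content. The example below is added here and is not code from the paper; the tiny `Response` object, the `ADMIN_ROWS` data, the handler names and the leak heuristic (body-length threshold plus HTML markers) are all constructed assumptions, not the authors' classifier.

```python
"""Execution After Redirect (EAR): a vulnerable handler, its fix, and a
black-box classification of the redirect response for leaked content.

Added example, not from the paper. The framework-like Response object,
the admin data and the leak heuristic are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed privileged data that only an admin should ever see.
ADMIN_ROWS = ["alice <alice@example.invalid>", "bob <bob@example.invalid>"]

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""

    def redirect(self, location: str) -> None:
        # Sets the redirect but, like many real frameworks, does NOT stop the
        # caller: whatever the handler does next is appended to this body.
        self.status = 302
        self.headers["Location"] = location
        self.body += "Redirecting...\n"


def render_admin_panel(resp: Response) -> None:
    resp.body += "<h1>Admin panel</h1>\n<ul>\n"
    for row in ADMIN_ROWS:
        resp.body += f"  <li>{row}</li>\n"
    resp.body += "</ul>\n"


def vulnerable_admin_handler(session: dict) -> Response:
    """EAR: the redirect is issued, but execution falls through into the
    privileged rendering code, so the admin rows ride along in the 302 body."""
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")
        # Missing `return resp` here is the whole bug.
    render_admin_panel(resp)
    return resp


def fixed_admin_handler(session: dict) -> Response:
    """Fix: halt the request immediately after issuing the redirect."""
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")
        return resp
    render_admin_panel(resp)
    return resp


# Black-box check over the redirect response. The markers and the length
# threshold are assumptions for this demo, not the paper's classifier.
LEAK_MARKERS = ("<table", "<form", "<ul", "<li", "<h1", "<h2")


def redirect_leaks_content(resp: Response, max_boilerplate_len: int = 200) -> bool:
    """True if a redirect response carries more than a redirect notice."""
    if resp.status not in REDIRECT_STATUSES or "Location" not in resp.headers:
        return False
    body = resp.body.lower()
    if len(body) > max_boilerplate_len:
        return True
    return any(marker in body for marker in LEAK_MARKERS)


def classify_redirect(resp: Response) -> str:
    """'not-redirect', 'benign' (empty/boilerplate body) or 'leak'."""
    if resp.status not in REDIRECT_STATUSES:
        return "not-redirect"
    return "leak" if redirect_leaks_content(resp) else "benign"


if __name__ == "__main__":
    anonymous = {}
    for name, handler in (("vulnerable", vulnerable_admin_handler),
                          ("fixed", fixed_admin_handler)):
        r = handler(anonymous)
        print(f"{name}: status={r.status} location={r.headers.get('Location')} "
              f"body_len={len(r.body)} -> {classify_redirect(r)}")
```

The same check can be run over captured HTTP responses from a crawl: only 3xx responses with a `Location` header are candidates, and the body is what distinguishes a benign redirect from one that leaked the page it was supposed to block. The threshold and marker list are starting points; a real classifier would also filter out frameworks that legitimately emit a short HTML "moved" page.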

Original language: English (US)
Title of host publication: Proceedings of the ACM Symposium on Applied Computing
Pages: 1792-1799
Number of pages: 8
DOIs: 10.1145/2480362.2480699
State: Published - 2013
Externally published: Yes
Event: 28th Annual ACM Symposium on Applied Computing, SAC 2013 - Coimbra, Portugal
Duration: Mar 18 2013 to Mar 22 2013

Other

Other: 28th Annual ACM Symposium on Applied Computing, SAC 2013
Country: Portugal
City: Coimbra
Period: 3/18/13 to 3/22/13

Fingerprint

Internet
HTTP
Static analysis
Websites
Semantics
Defects

ASJC Scopus subject areas

  • Software

Cite this

Payet, P., Doupe, A., Kruegel, C., & Vigna, G. (2013). EARs in the wild: Large-scale analysis of Execution After Redirect Vulnerabilities. In Proceedings of the ACM Symposium on Applied Computing (pp. 1792-1799) https://doi.org/10.1145/2480362.2480699

@inproceedings{0fa6a68d074b42dba79f17af2003d0dd,
title = "EARs in the wild: Large-scale analysis of Execution After Redirect Vulnerabilities",
abstract = "Execution After Redirect vulnerabilities - logic flaws in web applications where unintended code is executed after a redirect - have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities. To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employ a black-box approach that finds EARs which manifest themselves by information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.",
author = "Pierre Payet and Adam Doupe and Christopher Kruegel and Giovanni Vigna",
year = "2013",
doi = "10.1145/2480362.2480699",
language = "English (US)",
isbn = "9781450316569",
pages = "1792--1799",
booktitle = "Proceedings of the ACM Symposium on Applied Computing",
}

TY - GEN

T1 - EARs in the wild

T2 - Large-scale analysis of Execution After Redirect Vulnerabilities

AU - Payet, Pierre

AU - Doupe, Adam

AU - Kruegel, Christopher

AU - Vigna, Giovanni

PY - 2013

Y1 - 2013

N2 - Execution After Redirect vulnerabilities - logic flaws in web applications where unintended code is executed after a redirect - have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities. To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employ a black-box approach that finds EARs which manifest themselves by information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.

AB - Execution After Redirect vulnerabilities - logic flaws in web applications where unintended code is executed after a redirect - have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities. To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employ a black-box approach that finds EARs which manifest themselves by information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.

UR - http://www.scopus.com/inward/record.url?scp=84877992639&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84877992639&partnerID=8YFLogxK

U2 - 10.1145/2480362.2480699

DO - 10.1145/2480362.2480699

M3 - Conference contribution

AN - SCOPUS:84877992639

SN - 9781450316569

SP - 1792

EP - 1799

BT - Proceedings of the ACM Symposium on Applied Computing

ER -