Please use this identifier to cite or link to this item:
Title: Harvesting file download exploits in the web : a hacker's view
Authors: Zhou, P
Gu, X
Chang, RKC 
Keywords: File download exploits
Security-Enhanced script engine
Web security
Issue Date: 2016
Publisher: Oxford University Press
Source: Computer journal, 2016, v. 59, no. 4, p. 522-540 How to cite?
Journal: Computer journal 
Abstract: File download vulnerability, which exposes web servers' local filesystem to the public, is among the most serious security threats in the web. Exploiting this vulnerability will cause disastrous consequences such as, but not limited to, system intrusion, database intrusion and even the leakage of massive confidential documents. Although the file download vulnerability has been known in the literature for a long time, a comprehensive study of its exploitability in the wild is still lacked. In this paper, we survey the landscape of file download vulnerabilities across different countries and domains, and more importantly, examines their exploitability from a hacker's perspective.We have successfully revealed the weak protection of this vulnerability in today's web, as well as confirmed its wide exploitability. To demonstrate the serious consequences, we present two real-world intrusion case studies. One is a system intrusion against a Chinese government website, and the other is a database intrusion targeted to a Chinese industrial service. Our intrusion cases have been confirmed as severe security events by CNCERT (an official security agency in China). At the end, we explore the root cause of this weak protection by analyzing the perils and pitfalls of existing defending solutions, and thereby propose a new enhancement. The basic idea is to deploy amandatory access control mechanism in the server-side script engine kernel, so as to isolate the filesmanaged by the web server from the local filesystem.We have implemented security-enhanced PHP (i.e. SEPHP), a prototype of our new solution by modifying the source code of PHP5 script engine, and also evaluated the performance overhead induced by SEPHP in a real-world web setting.
ISSN: 0010-4620 (print)
1460-2067 (online)
DOI: 10.1093/comjnl/bxv072
Appears in Collections:Journal/Magazine Article

View full-text via PolyU eLinks SFX Query
Show full item record

Page view(s)

Last Week
Last month
Citations as of Jun 18, 2018

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.