CraftFuzz: Generating Precise Requests for PHP Web Vulnerability Validation


Bibliographic Details
Main Authors: Jiazhen Zhao, Kailong Zhu, Guozheng Yang, Yifan Zhang, Yuliang Lu
Format: Article
Language: English
Published: MDPI AG 2025-02-01
Series: Applied Sciences
Online Access:https://www.mdpi.com/2076-3417/15/5/2579
Description
Summary: Web applications have become a crucial part of modern society’s infrastructure, and vulnerabilities in them can lead to significant social and economic losses. Static analysis remains the predominant approach for vulnerability detection, due to its extensive coverage. However, its high false positive rate demands significant expert effort to confirm the actual presence of vulnerabilities. In contrast, dynamic analysis can generate accurate vulnerability reports. Nevertheless, existing fuzzers are often constrained in their methodologies, making it challenging to effectively explore deeper code regions where vulnerabilities are more likely to reside. To address these limitations, we propose CraftFuzz, a directed fuzzing approach that combines static and dynamic analysis. It aims to bypass extensive ineffective path exploration and generate precise requests for validating PHP web vulnerabilities. CraftFuzz adopts a multi-stage refinement-solving strategy, including static extraction of path constraints and routing rules for entry URL generation, solving path constraints through fuzzing and parameter mutation, and payload construction based on various reflection strategies to effectively handle data constraints. Ultimately, CraftFuzz ensures that fuzzing requests accurately reach the target sink and successfully trigger vulnerabilities. The experimental results demonstrated that CraftFuzz could solve each entry URL and path constraint within 6 s and 20 s, respectively, achieving a 97.1% success rate in entry URL generation and a 95% success rate in path constraint solving. For known vulnerability verification, CraftFuzz validated 88.88% of vulnerabilities, outperforming state-of-the-art fuzzers by 32.28%.
ISSN:2076-3417