Automatic exploitation generation method of write-what-where vulnerability
To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed.First, the write-what-where vulnerabi...
Saved in:
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | zho |
Published: |
Editorial Department of Journal on Communications
2022-01-01
|
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022003/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | To solve the problem that the current vulnerability automatic exploitation generation methods cannot automatically generate control-flow-hijacking exploitation from write-what-where, a method of automatic exploitation generation for write-what-where was proposed.First, the write-what-where vulnerability was detected based on the memory address control strength dynamic taint analysis method.Then, the vulnerability exploitation elements were searched based on the vulnerability exploitation modes, and the exploitation of write-what-where vulnerability was generated automatically by constraint solving.The experimental results show that the proposed method can effectively detect write-what-where vulnerability, search exploitation elements, and automatically generate the control-flow-hijacking exploitation from write-what-where. |
---|---|
ISSN: | 1000-436X |