Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph
This program is tentative and subject to change.
Data binding has been widely adopted by popular web frameworks due to its convenience of automatically binding web request parameters to the web program’s properties. However, its improper implementation in web frameworks exposes sensitive properties, leading to data binding vulnerabilities, which can be exploited to launch severe attacks, such as the Spring4Shell remote code execution. Despite their criticalness, these issues are overlooked, and there is no systematic study addressing them.
This paper presents the first automatic analysis of the data binding vulnerabilities in Java web frameworks. We develop an automatic \underline{D}ata b\underline{I}nding \underline{V}ulnerabilities d\underline{E}tecto\underline{R}, named DIVER, to analyze data binding vulnerabilities. DIVER employs three new techniques: the Nested Property Graph-based Extraction to extract nested properties, the Bind-Site Instrumentation-based Identification to identify bindable nested properties, and the Property-aware Fuzzing to trigger and detect data binding vulnerabilities.
We evaluated DIVER on two widely used Java web frameworks, Spring and Grails, and discovered 81 data binding vulnerabilities. These vulnerabilities can be exploited to launch remote code execution, arbitrary file read, and denial of service attacks. We have responsibly reported these vulnerabilities to the corresponding teams and helped to fix them. Three new CVEs with critical and high severity ratings have been assigned to us, including the infamous Spring4Shell.
This program is tentative and subject to change.
Wed 18 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
13:30 - 14:50 | |||
13:30 20mTalk | Automated Data Binding Vulnerability Detection for Java Web Frameworks via Nested Property Graph Technical Papers Xiaoyong Yan Zhejiang University, Biao He Ant Group, Wenbo Shen Zhejing University, Yu Ouyang Ant Group, Kaihang Zhou Zhejiang University, Xingjian Zhang Zhejiang University, Xingyu Wang Zhejiang University, Yukai Cao Zhejiang University, Rui Chang Zhejiang University | ||
13:50 20mTalk | SCALE: Constructing Symbolic Comment Trees for Software Vulnerability Detection Technical Papers Xin-Cheng Wen Harbin Institute of Technology, Cuiyun Gao Harbin Institute of Technology, Shuzheng Gao The Chinese University of Hong Kong, Yang Xiao Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Michael Lyu Chinese University of Hong Kong DOI | ||
14:10 20mTalk | CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection Technical Papers Hao Wang Tsinghua University, Zeyu Gao Tsinghua University, Chao Zhang Tsinghua University, Mingyang Sun University of Electronic Science and Technology of China, Yuchen Zhou Beijing University of Technology, Han Qiu Tsinghua University, Xi Xiao Tsinghua Shenzhen International Graduate School, Tsinghua University DOI | ||
14:30 20mTalk | Graph Neural Networks for Vulnerability Detection: A Counterfactual Explanation Technical Papers Zhaoyang Chu Huazhong University of Science and Technology, Yao Wan Huazhong University of Science and Technology, Qian Li Curtin University, Yang Wu Huazhong University of Science and Technology, Hongyu Zhang Chongqing University, Yulei Sui UNSW, Guandong Xu University of Technology Sydney, Hai Jin Huazhong University of Science and Technology DOI Pre-print | ||