Federico De Meo, Luca Viganò
Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might in- teract with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file- system vulnerabilities, and then, based on this classification, we present a formal approach that allows one to exploit file-system vulnerabilities. We give a formal representation of web applications, databases and file- systems, and show how to reason about file-system vulnerabilities. We also show how to combine file-system vulnerabilities and SQL-Injection vulnerabilities for the identification of complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing several real-world case studies, which are witness to the fact that our tool can generate, and exploit, complex attacks that, to the best of our knowledge, no other state-of-the-art-tool for the security of web applications can find.