{"id":"https://openalex.org/W2953687572","doi":"https://doi.org/10.1109/nsyss.2018.8631373","title":"A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm","display_name":"A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm","publication_year":2018,"publication_date":"2018-12-01","ids":{"openalex":"https://openalex.org/W2953687572","doi":"https://doi.org/10.1109/nsyss.2018.8631373","mag":"2953687572"},"language":"en","primary_location":{"id":"doi:10.1109/nsyss.2018.8631373","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nsyss.2018.8631373","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 5th International Conference on Networking, Systems and Security (NSysS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1906.11782","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Mazharul Islam","orcid":null},"institutions":[{"id":"https://openalex.org/I183697816","display_name":"Bangladesh University of Engineering and Technology","ror":"https://ror.org/05a1qpv97","country_code":"BD","type":"education","lineage":["https://openalex.org/I183697816"]}],"countries":["BD"],"is_corresponding":true,"raw_author_name":"Mazharul Islam","raw_affiliation_strings":["Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh","institution_ids":["https://openalex.org/I183697816"]}]},{"author_position":"middle","author":{"id":null,"display_name":"MD. Nazmuddoha Ansary","orcid":null},"institutions":[{"id":"https://openalex.org/I183697816","display_name":"Bangladesh University of Engineering and Technology","ror":"https://ror.org/05a1qpv97","country_code":"BD","type":"education","lineage":["https://openalex.org/I183697816"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"MD. Nazmuddoha Ansary","raw_affiliation_strings":["Department of Electrical and Electronic Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Electronic Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh","institution_ids":["https://openalex.org/I183697816"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Novia Nurain","orcid":null},"institutions":[{"id":"https://openalex.org/I63169043","display_name":"United International University","ror":"https://ror.org/01tqv1p28","country_code":"BD","type":"education","lineage":["https://openalex.org/I63169043"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"Novia Nurain","raw_affiliation_strings":["Department of Computer Science and Engineering, United International University, Dhaka, Bangladesh"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, United International University, Dhaka, Bangladesh","institution_ids":["https://openalex.org/I63169043"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Salauddin Parvez Shams","orcid":null},"institutions":[{"id":"https://openalex.org/I183697816","display_name":"Bangladesh University of Engineering and Technology","ror":"https://ror.org/05a1qpv97","country_code":"BD","type":"education","lineage":["https://openalex.org/I183697816"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"Salauddin Parvez Shams","raw_affiliation_strings":["Department of Electrical and Electronic Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Electronic Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh","institution_ids":["https://openalex.org/I183697816"]}]},{"author_position":"last","author":{"id":null,"display_name":"A. B. M. Alim Al Islam","orcid":null},"institutions":[{"id":"https://openalex.org/I183697816","display_name":"Bangladesh University of Engineering and Technology","ror":"https://ror.org/05a1qpv97","country_code":"BD","type":"education","lineage":["https://openalex.org/I183697816"]}],"countries":["BD"],"is_corresponding":false,"raw_author_name":"A. B. M. Alim Al Islam","raw_affiliation_strings":["Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh","institution_ids":["https://openalex.org/I183697816"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I183697816"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.34074751,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/harm","display_name":"Harm","score":0.6621000170707703},{"id":"https://openalex.org/keywords/damages","display_name":"Damages","score":0.6187000274658203},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.524399995803833},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5170000195503235},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4339999854564667},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.3650999963283539}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7777000069618225},{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.6621000170707703},{"id":"https://openalex.org/C2777381055","wikidata":"https://www.wikidata.org/wiki/Q308922","display_name":"Damages","level":2,"score":0.6187000274658203},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5855000019073486},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5486000180244446},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.524399995803833},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5170000195503235},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4339999854564667},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.3650999963283539},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.35199999809265137},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.33739998936653137},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.31290000677108765},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.29580000042915344},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.28290000557899475},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2800999879837036},{"id":"https://openalex.org/C174839445","wikidata":"https://www.wikidata.org/wiki/Q1134386","display_name":"Lock (firearm)","level":2,"score":0.2628999948501587}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/nsyss.2018.8631373","is_oa":false,"landing_page_url":"https://doi.org/10.1109/nsyss.2018.8631373","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 5th International Conference on Networking, Systems and Security (NSysS)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1906.11782","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.11782","pdf_url":"https://arxiv.org/pdf/1906.11782","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1906.11782","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1906.11782","pdf_url":"https://arxiv.org/pdf/1906.11782","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Recent":[0],"emergence":[1],"of":[2,13,17,38,58,86,139,151,160],"new":[3,31],"vulnerabilities":[4,32,63,88,108,140,161],"is":[5,89],"an":[6],"epoch-making":[7],"problem":[8],"in":[9,98],"the":[10,18,36,39,52,80,142,149,158],"complex":[11],"world":[12],"website":[14],"security.":[15],"Most":[16],"websites":[19,28],"are":[20,64],"failing":[21],"to":[22,25,67,91,103,144,157],"keep":[23],"updating":[24],"tackle":[26],"their":[27],"from":[29],"these":[30,62],"leaving":[33],"without":[34],"realizing":[35],"weakness":[37],"websites.":[40,82,166],"As":[41],"a":[42,56,84,128,137],"result,":[43],"when":[44],"cyber-criminals":[45],"scour":[46],"such":[47,109],"vulnerable":[48,81],"old":[49],"version":[50],"websites,":[51],"scanner":[53],"will":[54],"represent":[55],"set":[57,138,159],"vulnerabilities.":[59],"Once":[60],"found,":[61],"then":[65],"exploited":[66],"steal":[68],"data,":[69],"distribute":[70],"malicious":[71],"content,":[72],"or":[73],"inject":[74],"defacement":[75],"and":[76],"spam":[77],"content":[78],"into":[79],"Furthermore,":[83],"combination":[85],"different":[87],"able":[90],"cause":[92],"more":[93],"damages":[94],"than":[95],"anticipation.":[96],"Therefore,":[97],"this":[99],"paper,":[100],"we":[101,126],"endeavor":[102],"find":[104],"connections":[105],"among":[106],"various":[107],"as":[110],"cross-site":[111],"scripting,":[112],"local":[113],"file":[114,117],"inclusion,":[115,118],"remote":[116],"buffer":[119],"overflow":[120],"CSRF,":[121],"etc.":[122],"To":[123],"do":[124],"so,":[125],"develop":[127],"Finite":[129],"State":[130],"Machine":[131],"(FSM)":[132],"attacking":[133],"model,":[134],"which":[135],"analyzes":[136],"towards":[141],"road":[143],"finding":[145],"connections.":[146],"We":[147],"demonstrate":[148],"efficacy":[150],"our":[152],"model":[153],"by":[154],"applying":[155],"it":[156],"found":[162],"on":[163],"two":[164],"live":[165]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2019-07-12T00:00:00"}