{"id":"https://openalex.org/W4388878391","doi":"https://doi.org/10.1109/tifs.2023.3335885","title":"URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing","display_name":"URadar: Discovering Unrestricted File Upload Vulnerabilities via Adaptive Dynamic Testing","publication_year":2023,"publication_date":"2023-11-21","ids":{"openalex":"https://openalex.org/W4388878391","doi":"https://doi.org/10.1109/tifs.2023.3335885"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3335885","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/tifs.2023.3335885","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5020468399","display_name":"Yuanchao Chen","orcid":"https://orcid.org/0000-0002-1532-6658"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yuanchao Chen","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0002-1532-6658","affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100331391","display_name":"Yuwei Li","orcid":"https://orcid.org/0000-0002-8878-510X"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuwei Li","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0002-8878-510X","affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006569051","display_name":"Zulie Pan","orcid":"https://orcid.org/0000-0001-5775-5824"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zulie Pan","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0001-5775-5824","affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089358541","display_name":"Yuliang Lu","orcid":"https://orcid.org/0000-0002-8502-9907"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuliang Lu","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0002-8502-9907","affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057039416","display_name":"Juxing Chen","orcid":"https://orcid.org/0000-0001-6482-5325"},"institutions":[{"id":"https://openalex.org/I170215575","display_name":"National University of Defense Technology","ror":"https://ror.org/05d2yfz11","country_code":"CN","type":"education","lineage":["https://openalex.org/I170215575"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Juxing Chen","raw_affiliation_strings":["College of Electronic Engineering, National University of Defense Technology, Hefei, China"],"raw_orcid":"https://orcid.org/0000-0001-6482-5325","affiliations":[{"raw_affiliation_string":"College of Electronic Engineering, National University of Defense Technology, Hefei, China","institution_ids":["https://openalex.org/I170215575"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058611515","display_name":"Shouling Ji","orcid":"https://orcid.org/0000-0003-4268-372X"},"institutions":[{"id":"https://openalex.org/I168879160","display_name":"Zhejiang University of Science and Technology","ror":"https://ror.org/05mx0wr29","country_code":"CN","type":"education","lineage":["https://openalex.org/I168879160"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shouling Ji","raw_affiliation_strings":["College of Computer Science and Technology, Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0003-4268-372X","affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I168879160"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5020468399"],"corresponding_institution_ids":["https://openalex.org/I170215575"],"apc_list":null,"apc_paid":null,"fwci":3.1048,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.92997256,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"19","issue":null,"first_page":"1251","last_page":"1266"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8613346219062805},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.7063827514648438},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.5787057876586914},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5515994429588318},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.44211211800575256},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43506455421447754},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.43002042174339294},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2500181496143341},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.15222078561782837},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1056925356388092}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8613346219062805},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.7063827514648438},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.5787057876586914},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5515994429588318},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.44211211800575256},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43506455421447754},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.43002042174339294},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2500181496143341},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.15222078561782837},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1056925356388092}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2023.3335885","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/tifs.2023.3335885","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5,"display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3385172613","display_name":null,"funder_award_id":"2021YFB3100500","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G8211781582","display_name":null,"funder_award_id":"62202484","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W15977527","https://openalex.org/W1489243061","https://openalex.org/W1642192185","https://openalex.org/W2002079460","https://openalex.org/W2008158744","https://openalex.org/W2014590767","https://openalex.org/W2038167710","https://openalex.org/W2050853996","https://openalex.org/W2065555413","https://openalex.org/W2075573771","https://openalex.org/W2085925880","https://openalex.org/W2086631206","https://openalex.org/W2111487235","https://openalex.org/W2134646643","https://openalex.org/W2468358417","https://openalex.org/W2963723316","https://openalex.org/W2969658140","https://openalex.org/W3009004523","https://openalex.org/W3095708133","https://openalex.org/W3107473573","https://openalex.org/W3129035733","https://openalex.org/W3136748915","https://openalex.org/W3156952258","https://openalex.org/W3207946245","https://openalex.org/W4312709013","https://openalex.org/W6604462143","https://openalex.org/W6628190228","https://openalex.org/W6713211458","https://openalex.org/W6754124592"],"related_works":["https://openalex.org/W2070735207","https://openalex.org/W2626999804","https://openalex.org/W4250004941","https://openalex.org/W2137014442","https://openalex.org/W2049015391","https://openalex.org/W1533158771","https://openalex.org/W2909040123","https://openalex.org/W122082928","https://openalex.org/W4234342421","https://openalex.org/W2521397622"],"abstract_inverted_index":{"Unrestricted":[0],"file":[1,8,142,146],"upload":[2,9,143],"(UFU)":[3],"vulnerabilities,":[4,11,193,216,225],"especially":[5],"unrestricted":[6],"executable":[7],"(UEFU)":[10],"pose":[12],"severe":[13],"security":[14],"risks":[15],"to":[16,26,30,43,49,93,228,267],"web":[17,37,187],"servers.":[18],"For":[19],"instance,":[20],"attackers":[21],"can":[22,156],"leverage":[23,90],"such":[24],"vulnerabilities":[25],"execute":[27],"arbitrary":[28],"code":[29],"gain":[31],"the":[32,95,111,159,167,220,246,258],"control":[33],"of":[34,103,113,162,169,223,237,245],"a":[35,100,234],"whole":[36],"server.":[38],"Therefore,":[39],"it":[40],"is":[41],"significant":[42],"develop":[44],"effective":[45,91],"and":[46,52,83,131,150,175,198,209,213,242],"efficient":[47],"methods":[48,59,180],"detect":[50],"UFU":[51,114,130,224,272],"UEFU":[53,132,192,215],"vulnerabilities.":[54,133],"Towards":[55],"this,":[56],"most":[57],"state-of-the-art":[58,179,259],"are":[60,81,135,196],"designed":[61],"based":[62],"on":[63,77,239,271],"dynamic":[64,125],"testing.":[65],"Nevertheless,":[66],"they":[67],"still":[68],"entail":[69],"two":[70,160],"critical":[71],"limitations.":[72],"1)":[73],"They":[74,88],"heavily":[75],"rely":[76],"manual":[78],"efforts,":[79],"which":[80,155],"error-prone":[82],"have":[84,200,264],"poor":[85],"adaptability.":[86],"2)":[87],"seldom":[89],"information":[92],"guide":[94],"testing,":[96],"resulting":[97],"in":[98,139],"generating":[99],"large":[101],"number":[102,222],"invalid":[104,151],"test":[105],"cases.":[106],"Such":[107],"limitations":[108,161],"severely":[109],"hinder":[110],"performance":[112,168],"vulnerability":[115,273],"detection.":[116,274],"In":[117,184,261],"this":[118],"paper,":[119],"we":[120,171,263],"propose":[121],"URadar,":[122,140,170],"an":[123],"adaptive":[124],"testing-based":[126],"method":[127],"for":[128,248],"detecting":[129],"There":[134],"three":[136],"core":[137],"designs":[138],"including":[141],"interface":[144],"identification,":[145],"type":[147],"restriction":[148],"inference,":[149],"mutation":[152],"combination":[153],"filtration,":[154],"effectively":[157],"solve":[158],"existing":[163],"methods.":[164,260],"To":[165,218],"evaluate":[166],"conduct":[172],"extensive":[173],"experiments":[174],"compare":[176],"URadar":[177,189,255,266],"with":[178,233],"(e.g.,":[181],"FUSE,":[182],"RIPS).":[183],"testing":[185],"18":[186],"applications,":[188],"discovers":[190],"26":[191],"where":[194],"8":[195],"new,":[197],"6":[199],"been":[201],"assigned":[202],"new":[203],"CVE/CNNVD":[204],"IDs.":[205],"By":[206],"contrast,":[207],"FUSE":[208,226],"RIPS":[210],"find":[211],"14":[212],"2":[214],"respectively.":[217],"discover":[219],"same":[221],"needs":[227],"send":[229],"73,261":[230],"request":[231],"packets":[232],"time":[235],"cost":[236],"2,791.1s":[238],"average,":[240],"23.43":[241],"20.53":[243],"times":[244],"requirements":[247],"URadar.":[249],"The":[250],"above":[251],"results":[252],"demonstrate":[253],"that":[254],"significantly":[256],"outperforms":[257],"addition,":[262],"open-sourced":[265],"facilitate":[268],"future":[269],"research":[270]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":3}],"updated_date":"2026-05-07T13:39:58.223016","created_date":"2025-10-10T00:00:00"}