{"id":"https://openalex.org/W3207946245","doi":"https://doi.org/10.1145/3471621.3471859","title":"UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis","display_name":"UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis","publication_year":2021,"publication_date":"2021-10-06","ids":{"openalex":"https://openalex.org/W3207946245","doi":"https://doi.org/10.1145/3471621.3471859","mag":"3207946245"},"language":"en","primary_location":{"id":"doi:10.1145/3471621.3471859","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471859","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://corescholar.libraries.wright.edu/cse/608","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028877667","display_name":"Jin Huang","orcid":"https://orcid.org/0000-0002-9804-0195"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jin Huang","raw_affiliation_strings":["Wright State University, US"],"affiliations":[{"raw_affiliation_string":"Wright State University, US","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100343070","display_name":"Junjie Zhang","orcid":"https://orcid.org/0000-0003-0061-3790"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Junjie Zhang","raw_affiliation_strings":["Wright State University, US"],"affiliations":[{"raw_affiliation_string":"Wright State University, US","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053280762","display_name":"Jialun Liu","orcid":"https://orcid.org/0000-0002-0802-8986"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jialun Liu","raw_affiliation_strings":["Wright State University, US"],"affiliations":[{"raw_affiliation_string":"Wright State University, US","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100386697","display_name":"Chuang Li","orcid":"https://orcid.org/0000-0001-8346-9434"},"institutions":[{"id":"https://openalex.org/I19648265","display_name":"Wright State University","ror":"https://ror.org/04qk6pt94","country_code":"US","type":"education","lineage":["https://openalex.org/I19648265"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chuang Li","raw_affiliation_strings":["Wright State University, US"],"affiliations":[{"raw_affiliation_string":"Wright State University, US","institution_ids":["https://openalex.org/I19648265"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101751030","display_name":"Rui Dai","orcid":"https://orcid.org/0000-0001-6620-7862"},"institutions":[{"id":"https://openalex.org/I63135867","display_name":"University of Cincinnati","ror":"https://ror.org/01e3m7079","country_code":"US","type":"education","lineage":["https://openalex.org/I63135867"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rui Dai","raw_affiliation_strings":["University of Cincinnati, US"],"affiliations":[{"raw_affiliation_string":"University of Cincinnati, US","institution_ids":["https://openalex.org/I63135867"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5028877667"],"corresponding_institution_ids":["https://openalex.org/I19648265"],"apc_list":null,"apc_paid":null,"fwci":3.1288,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.92790535,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"78","last_page":"90"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9036071300506592},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8738517165184021},{"id":"https://openalex.org/keywords/cross-site-scripting","display_name":"Cross-site scripting","score":0.8093048334121704},{"id":"https://openalex.org/keywords/upload","display_name":"Upload","score":0.6352062821388245},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.6314775943756104},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6302634477615356},{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.5905011296272278},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.5327346920967102},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5008692741394043},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.5000040531158447},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.45571044087409973},{"id":"https://openalex.org/keywords/web-service","display_name":"Web service","score":0.4299968183040619},{"id":"https://openalex.org/keywords/program-analysis","display_name":"Program analysis","score":0.4173704981803894},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.41728031635284424},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.36523115634918213},{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.34092819690704346},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.30534887313842773},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.15845948457717896},{"id":"https://openalex.org/keywords/web-development","display_name":"Web development","score":0.1282731592655182}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9036071300506592},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8738517165184021},{"id":"https://openalex.org/C39569185","wikidata":"https://www.wikidata.org/wiki/Q371199","display_name":"Cross-site scripting","level":5,"score":0.8093048334121704},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.6352062821388245},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.6314775943756104},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6302634477615356},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.5905011296272278},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5327346920967102},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5008692741394043},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.5000040531158447},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.45571044087409973},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.4299968183040619},{"id":"https://openalex.org/C98183937","wikidata":"https://www.wikidata.org/wiki/Q2112188","display_name":"Program analysis","level":2,"score":0.4173704981803894},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.41728031635284424},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.36523115634918213},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.34092819690704346},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.30534887313842773},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.15845948457717896},{"id":"https://openalex.org/C79373723","wikidata":"https://www.wikidata.org/wiki/Q386275","display_name":"Web development","level":3,"score":0.1282731592655182},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3471621.3471859","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3471621.3471859","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"24th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:corescholar.libraries.wright.edu:cse-1605","is_oa":true,"landing_page_url":"https://corescholar.libraries.wright.edu/cse/608","pdf_url":null,"source":{"id":"https://openalex.org/S2737205702","display_name":"Journal of Bioresource Management","issn_l":"2309-3854","issn":["2309-3854"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":"https://openalex.org/P4310316536","host_organization_name":"Bioresource Research Center (BRC), Islamabad","host_organization_lineage":["https://openalex.org/P4310316536"],"host_organization_lineage_names":["Bioresource Research Center (BRC), Islamabad"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science and Engineering Faculty Publications","raw_type":"text"},{"id":"pmh:oai:works.bepress.com:junjie_zhang-1072","is_oa":true,"landing_page_url":"https://works.bepress.com/junjie_zhang/40","pdf_url":null,"source":{"id":"https://openalex.org/S2737205702","display_name":"Journal of Bioresource Management","issn_l":"2309-3854","issn":["2309-3854"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":"https://openalex.org/P4310316536","host_organization_name":"Bioresource Research Center (BRC), Islamabad","host_organization_lineage":["https://openalex.org/P4310316536"],"host_organization_lineage_names":["Bioresource Research Center (BRC), Islamabad"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Junjie Zhang","raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:corescholar.libraries.wright.edu:cse-1605","is_oa":true,"landing_page_url":"https://corescholar.libraries.wright.edu/cse/608","pdf_url":null,"source":{"id":"https://openalex.org/S2737205702","display_name":"Journal of Bioresource Management","issn_l":"2309-3854","issn":["2309-3854"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":"https://openalex.org/P4310316536","host_organization_name":"Bioresource Research Center (BRC), Islamabad","host_organization_lineage":["https://openalex.org/P4310316536"],"host_organization_lineage_names":["Bioresource Research Center (BRC), Islamabad"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science and Engineering Faculty Publications","raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.46000000834465027,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W254881558","https://openalex.org/W1480909796","https://openalex.org/W1531027799","https://openalex.org/W2008158744","https://openalex.org/W2047551636","https://openalex.org/W2050853996","https://openalex.org/W2075573771","https://openalex.org/W2086631206","https://openalex.org/W2094568767","https://openalex.org/W2110986027","https://openalex.org/W2292865721","https://openalex.org/W2311403874","https://openalex.org/W2350778671","https://openalex.org/W2786558656","https://openalex.org/W2997473338","https://openalex.org/W4206109200"],"related_works":["https://openalex.org/W2611265297","https://openalex.org/W1976299830","https://openalex.org/W2997044556","https://openalex.org/W2548409577","https://openalex.org/W2407701912","https://openalex.org/W3089408602","https://openalex.org/W3180404666","https://openalex.org/W1531015913","https://openalex.org/W2914996832","https://openalex.org/W2295858576"],"abstract_inverted_index":{"Unrestricted":[0],"file":[1],"upload":[2,7],"vulnerabilities":[3,30],"enable":[4],"attackers":[5],"to":[6,10,24,61,95],"malicious":[8],"scripts":[9,165],"a":[11,20,75,85],"web":[12,34,77,136],"server":[13],"for":[14,91],"later":[15],"execution.":[16],"We":[17],"have":[18,142],"built":[19],"system,":[21],"namely":[22],"UFuzzer,":[23],"effectively":[25,69],"and":[26,68,129],"automatically":[27],"detect":[28],"such":[29],"in":[31,84,109,149],"PHP-based":[32],"server-side":[33,76],"programs.":[35],"Different":[36,113],"from":[37,114],"existing":[38,147],"detection":[39,111],"methods":[40,148],"that":[41,66,144],"use":[42],"either":[43,150],"static":[44,58],"program":[45,59,105],"analysis":[46,60,127],"or":[47,152,154],"fuzzing,":[48],"UFuzzer":[49,79,98,117,145],"integrates":[50],"both":[51],"(i.e.,":[52],"static-fuzzing":[53],"co-analysis).":[54],"Specifically,":[55],"it":[56,158],"leverages":[57],"generate":[62],"executable":[63],"code":[64,121],"templates":[65,83],"compactly":[67],"summarize":[70],"the":[71,100,126,132],"vulnerability-relevant":[72],"semantics":[73,101],"of":[74,102,134],"application.":[78],"then":[80],"\u201cfuzzes\u201d":[81],"these":[82],"local,":[86],"native":[87],"PHP":[88,164],"runtime":[89],"environment":[90],"vulnerability":[92],"detection.":[93],"Compared":[94],"static-analysis-based":[96],"methods,":[97,116],"preserves":[99],"an":[103],"analyzed":[104],"more":[106],"effectively,":[107],"resulting":[108],"higher":[110],"performance.":[112],"fuzzing-based":[115],"exercises":[118],"each":[119],"generated":[120],"template":[122],"locally,":[123],"thereby":[124],"reducing":[125],"overhead":[128],"meanwhile":[130],"eliminating":[131],"need":[133],"operating":[135],"services.":[137],"Experiments":[138],"using":[139],"real-world":[140],"data":[141],"demonstrated":[143],"outperforms":[146],"efficiency,":[151],"accuracy,":[153],"both.":[155],"In":[156],"addition,":[157],"has":[159],"detected":[160],"31":[161],"unknown":[162],"vulnerable":[163],"including":[166],"5":[167],"CVEs.":[168]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}