{"id":"https://openalex.org/W4405181950","doi":"https://doi.org/10.1145/3658644.3670294","title":"MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs","display_name":"MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4405181950","doi":"https://doi.org/10.1145/3658644.3670294"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3670294","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670294","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670294","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670294","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111263867","display_name":"Zidong Zhang","orcid":"https://orcid.org/0009-0002-5446-9122"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zidong Zhang","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0009-0007-1965-0723","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032372397","display_name":"Qinsheng Hou","orcid":"https://orcid.org/0000-0002-1119-4766"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qinsheng Hou","raw_affiliation_strings":["Shandong University; QI-ANXIN Technology Research Institute, Qingdao, China","Shandong University"],"raw_orcid":"https://orcid.org/0000-0002-1119-4766","affiliations":[{"raw_affiliation_string":"Shandong University; QI-ANXIN Technology Research Institute, Qingdao, China","institution_ids":[]},{"raw_affiliation_string":"Shandong University","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100414046","display_name":"Lingyun Ying","orcid":"https://orcid.org/0000-0001-7445-9103"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lingyun Ying","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7445-9103","affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080378687","display_name":"Wenrui Diao","orcid":"https://orcid.org/0000-0003-0916-8806"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Diao","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0003-0916-8806","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101152479","display_name":"Yacong Gu","orcid":"https://orcid.org/0000-0003-2221-5689"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yacong Gu","raw_affiliation_strings":["Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS, Beijing, China","Tsinghua University"],"raw_orcid":"https://orcid.org/0000-0003-2221-5689","affiliations":[{"raw_affiliation_string":"Tsinghua University; Tsinghua University-QI-ANXIN Group JCNS, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100341960","display_name":"Rui Li","orcid":"https://orcid.org/0000-0002-0822-0919"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui Li","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0002-0822-0919","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084460856","display_name":"Shanqing Guo","orcid":"https://orcid.org/0000-0003-3367-0951"},"institutions":[{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanqing Guo","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, China"],"raw_orcid":"https://orcid.org/0000-0003-3367-0951","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, China","institution_ids":["https://openalex.org/I80143920"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University; Quancheng Laboratory, Beijing, China","Tsinghua University"],"raw_orcid":"https://orcid.org/0000-0003-0083-733X","affiliations":[{"raw_affiliation_string":"Tsinghua University; Quancheng Laboratory, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5111263867"],"corresponding_institution_ids":["https://openalex.org/I80143920"],"apc_list":null,"apc_paid":null,"fwci":1.6441,"has_fulltext":false,"cited_by_count":6,"citation_normalized_percentile":{"value":0.8536288,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"525","last_page":"539"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7889358997344971},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7095268964767456},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6728344559669495},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6685981750488281},{"id":"https://openalex.org/keywords/popularity","display_name":"Popularity","score":0.6582741737365723},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.6172909736633301},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4463832378387451},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.42466849088668823}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7889358997344971},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7095268964767456},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6728344559669495},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6685981750488281},{"id":"https://openalex.org/C2780586970","wikidata":"https://www.wikidata.org/wiki/Q1357284","display_name":"Popularity","level":2,"score":0.6582741737365723},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.6172909736633301},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4463832378387451},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.42466849088668823},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3658644.3670294","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670294","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670294","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3658644.3670294","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3670294","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3670294","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3601178445","display_name":null,"funder_award_id":"62372268","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4405181950.pdf"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1965995882","https://openalex.org/W1966862293","https://openalex.org/W2146717998","https://openalex.org/W2621177934","https://openalex.org/W2752602409","https://openalex.org/W3097802856","https://openalex.org/W3169031765","https://openalex.org/W3207079465","https://openalex.org/W4284690649","https://openalex.org/W4308391531","https://openalex.org/W4384302769","https://openalex.org/W4388483160","https://openalex.org/W4388857088","https://openalex.org/W4388958843","https://openalex.org/W4388958884","https://openalex.org/W4388958887","https://openalex.org/W4388958891","https://openalex.org/W4388958893","https://openalex.org/W4388958904","https://openalex.org/W4388958910","https://openalex.org/W4388958931","https://openalex.org/W4391021716"],"related_works":["https://openalex.org/W3183948672","https://openalex.org/W3173606202","https://openalex.org/W3110381201","https://openalex.org/W2778153218","https://openalex.org/W1531601525","https://openalex.org/W2906845177","https://openalex.org/W4200107511","https://openalex.org/W2891427086","https://openalex.org/W1968625315","https://openalex.org/W2112141997"],"abstract_inverted_index":{"Mini-programs":[0],"are":[1,43,89,184],"lightweight":[2],"apps":[3,7],"running":[4],"in":[5,18,76,122],"super":[6,127],"(such":[8],"as":[9,96,106,198],"WeChat,":[10],"Baidu,":[11],"Alipay,":[12],"and":[13,38,85,99,125,139,166,200,217,219],"TikTok),":[14],"an":[15,32,150],"emerging":[16],"paradigm":[17],"the":[19,25,54,86,100,130,144,203,214,235],"era":[20],"of":[21,28,80,102,113,135,146,181,195],"mobile":[22],"computing.":[23],"With":[24],"growing":[26],"popularity":[27],"mini-programs,":[29,160],"there":[30],"is":[31,83],"increasing":[33],"concern":[34],"for":[35],"their":[36,126],"security":[37,56,236],"privacy.":[39],"In":[40,62,170],"essence,":[41],"mini-programs":[42,124,183,212],"WebView-based":[44],"apps.":[45,61],"This":[46],"means":[47],"that":[48,178],"they":[49],"may":[50],"be":[51,116],"vulnerable":[52,186,211],"to":[53,92,118,187,213,233,239],"same":[55],"risks":[57],"associated":[58],"with":[59,174,193],"web":[60],"this":[63,81],"work,":[64],"we":[65,148,176,207,229],"discovered":[66],"a":[67],"new":[68],"mini-program":[69],"vulnerability":[70,82],"called":[71,154],"MiniCPRF":[72,114],"(Cross-Page":[73],"Request":[74],"Forgery":[75],"Mini-Programs).":[77],"The":[78,110],"exploit":[79],"easy,":[84],"attack":[87],"consequences":[88],"severe,":[90],"leading":[91],"unauthorized":[93],"operations,":[94],"such":[95,105,197],"free":[97],"shopping,":[98],"exposure":[101],"confidential":[103],"information,":[104],"credit":[107],"card":[108],"numbers.":[109],"root":[111],"causes":[112],"can":[115,157],"attributed":[117],"multiple":[119],"design":[120],"flaws":[121],"both":[123],"apps,":[128],"including":[129,189],"insecure":[131],"routing":[132],"mechanism,":[133],"lack":[134],"message":[136],"integrity":[137],"check,":[138],"plain-text":[140],"storage.":[141],"To":[142],"evaluate":[143],"impacts":[145],"MiniCPRF,":[147,188],"designed":[149],"automated":[151],"analysis":[152,163],"framework":[153],"MiniCAT.":[155],"It":[156],"automatically":[158],"crawl":[159],"perform":[161],"static":[162],"on":[164],"them,":[165],"generate":[167],"detection":[168],"reports.":[169],"large-scale":[171],"real-world":[172,221],"evaluations":[173],"MiniCAT,":[175],"identified":[177],"32.0%":[179],"(13,349/41,726)":[180],"analyzable":[182],"potentially":[185],"some":[190],"famous":[191],"ones":[192],"millions":[194],"users,":[196],"Sohu":[199],"Wenjuanxing.":[201],"Following":[202],"responsible":[204],"disclosure":[205],"principle,":[206],"have":[208,223],"reported":[209],"verified":[210],"corresponding":[215],"vendors":[216],"developers,":[218],"three":[220],"cases":[222],"been":[224],"confirmed":[225],"by":[226],"CNVD.":[227],"Additionally,":[228],"suggest":[230],"mitigation":[231],"strategies":[232],"resolve":[234],"issue":[237],"related":[238],"MiniCPRF.":[240]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}