WAPTEC: Whitebox Analysis of Web Applications for Parameter Tampering Exploit Construction

18th ACM Conference on Computer and Communications Security (CCS 2011)

Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, V.N. Venkatakrishnan

This web page contains additional information for experiments conducted on various web applications.


Details of a few interesting exploits

| Application | Exploit Report | Impact |
|---|---|---|
| SnipeGallery | REPORT | An attacker can create hidden albums (present in the database but not shown by the application). Further, the exploited parameter is also vulnerable to SQL injection attacks, which can compromise database integrity. |
| SPHPBlog | REPORT | An attacker can make the application unusable by sending a single HTTP request (an easy denial-of-service attack). |
| DCPPortal | REPORT | An attacker can create an administrator account (privilege escalation) by setting the make_install_prn cookie. |
| DCPPortal | REPORT | An attacker can create accounts with duplicate user names. |
| PHPNews | REPORT | A rogue administrator is able to overwrite arbitrary files in the vulnerable web application. Files of other applications deployed on the same server can also be overwritten. |
| Landshop | REPORT | An attacker can delete arbitrary property listings from the website. |
| MyBloggie | REPORT | An attacker can hijack a future blogging category. |

Detailed reports of all exploits found by WAPTEC


Demo: Trace Generation Transformation