EARs in the wild: large-scale analysis of execution after redirect vulnerabilities

Abstract

Execution After Redirect vulnerabilities---logic flaws in web applications where unintended code is executed after a redirect---have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities. To understand the breadth…
DOI: 10.1145/2480362.2480699

4 Figures and Tables
