{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T22:47:17Z","timestamp":1743029237810,"version":"3.40.3"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030900212"},{"type":"electronic","value":"9783030900229"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-90022-9_2","type":"book-chapter","created":{"date-parts":[[2021,11,3]],"date-time":"2021-11-03T08:06:08Z","timestamp":1635926768000},"page":"23-42","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["XHunter: Understanding XXE Vulnerability via Automatic Analysis"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0957-8007","authenticated-orcid":false,"given":"Zhenhua","family":"Wang","sequence":"first","affiliation":[]},{"given":"Wei","family":"Xie","sequence":"additional","affiliation":[]},{"given":"Jing","family":"Tao","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Tang","sequence":"additional","affiliation":[]},{"given":"Enze","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,11,4]]},"reference":[{"key":"2_CR1","unstructured":"Billion laughs attack. https:\/\/en.wikipedia.org\/wiki\/Billion_laughs_attack"},{"key":"2_CR2","unstructured":"Chanzhi eps. https:\/\/github.com\/goodrain-apps\/chanzhieps"},{"key":"2_CR3","unstructured":"Drupal. https:\/\/www.drupal.org\/"},{"key":"2_CR4","unstructured":"How we got read access on Google\u2019s production servers. https:\/\/blog.detectify.com\/2014\/04\/11\/how-we-got-read-access-on-googles-production-servers\/"},{"key":"2_CR5","unstructured":"Joomla. https:\/\/www.joomla.org\/"},{"key":"2_CR6","unstructured":"OWASP top 10 application security risks - 2017. https:\/\/owasp.org\/wwwprojecttopten\/OWASP_Top_Ten_2017\/Top_10-2017_Top_10.html"},{"key":"2_CR7","unstructured":"PHP runtime vulnearbility detect. https:\/\/github.com\/ExploreZone\/prvd"},{"key":"2_CR8","unstructured":"Security bulletin: Websphere application server is vulnerable to an information exposure vulnerability. https:\/\/www.ibm.com\/support\/pages\/node\/6334311. Accessed 24 Sept 2020"},{"key":"2_CR9","unstructured":"XXE in OpenID of Facebook. https:\/\/www.ubercomp.com\/posts\/2014-01-16_facebook_remote_code_execution"},{"key":"2_CR10","unstructured":"XXE in WeChat pay SDK. https:\/\/seclists.org\/fulldisclosure\/2018\/Jul\/3"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Alhuzali, A., Eshete, B., Gjomemo, R., Venkatakrishnan, V.: Chainsaw: chained automated workflow-based exploit generation. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 641\u2013652 (2016)","DOI":"10.1145\/2976749.2978380"},{"key":"2_CR12","unstructured":"Alhuzali, A., Gjomemo, R., Eshete, B., Venkatakrishnan, V.: $$\\{$$NAVEX$$\\}$$: precise and scalable exploit generation for dynamic web applications. In: 27th $$\\{$$USENIX$$\\}$$ Security Symposium ($$\\{$$USENIX$$\\}$$ Security 18), pp. 377\u2013392 (2018)"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., et al.: Saner: composing static and dynamic analysis to validate sanitization in web applications. In: 2008 IEEE Symposium on Security and Privacy (SP 2008), pp. 387\u2013401. IEEE (2008)","DOI":"10.1109\/SP.2008.22"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Balzarotti, D., Cova, M., Felmetsger, V.V., Vigna, G.: Multi-module vulnerability analysis of web-based applications. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 25\u201335 (2007)","DOI":"10.1145\/1315245.1315250"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-540-74320-0_4","volume-title":"Recent Advances in Intrusion Detection","author":"M Cova","year":"2007","unstructured":"Cova, M., Balzarotti, D., Felmetsger, V., Vigna, G.: Swaddler: an approach for the anomaly-based detection of state violations in web applications. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 63\u201386. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74320-0_4"},{"key":"2_CR16","unstructured":"Dahse, J., Schwenk, J.: RIPS-A static source code analyser for vulnerabilities in PHP scripts. In: Seminar Work (Seminer \u00c7alismasi). Horst G\u00f6rtz Institute Ruhr-University Bochum (2010)"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Duchene, F., Groz, R., Rawat, S., Richier, J.L.: XSS vulnerability detection using model inference assisted evolutionary fuzzing. In: 2012 IEEE 5th International Conference on Software Testing, Verification and Validation, pp. 815\u2013817. IEEE (2012)","DOI":"10.1109\/ICST.2012.181"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Duchene, F., Rawat, S., Richier, J.L., Groz, R.: Kameleonfuzz: evolutionary fuzzing for black-box XSS detection. In: Proceedings of the 4th ACM conference on Data and Application Security and Privacy, pp. 37\u201348 (2014)","DOI":"10.1145\/2557547.2557550"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Jovanovic, N., Kruegel, C., Kirda, E.: Pixy: a static analysis tool for detecting web application vulnerabilities. In: 2006 IEEE Symposium on Security and Privacy, SP 2006, pp. 258\u2013263 (2006)","DOI":"10.1109\/SP.2006.29"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Lee, T., Wi, S., Lee, S., Son, S.: Fuse: finding file upload bugs via penetration testing. In: 2020 Network and Distributed System Security Symposium. Network & Distributed System Security Symposium (2020)","DOI":"10.14722\/ndss.2020.23126"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Li, L., Dong, Q., Liu, D., Zhu, L.: The application of fuzzing in web software security vulnerabilities test. In: 2013 International Conference on Information Technology and Applications, pp. 130\u2013133. IEEE (2013)","DOI":"10.1109\/ITA.2013.36"},{"issue":"16","key":"2_CR22","doi-asserted-by":"publisher","first-page":"3283","DOI":"10.3390\/app9163283","volume":"9","author":"Z Luo","year":"2019","unstructured":"Luo, Z., Wang, B., Tang, Y., Xie, W.: Semantic-based representation binary clone detection for cross-architectures in the internet of things. Appl. Sci. 9(16), 3283 (2019)","journal-title":"Appl. Sci."},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Pellegrino, G., Johns, M., Koch, S., Backes, M., Rossow, C.: Deemon: detecting CSRF with dynamic analysis and property graphs. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1757\u20131771 (2017)","DOI":"10.1145\/3133956.3133959"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Son, S., Shmatikov, V.: Saferphp: finding semantic vulnerabilities in PHP applications. In: Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security, pp. 1\u201313 (2011)","DOI":"10.1145\/2166956.2166964"},{"key":"2_CR25","unstructured":"Sp\u00e4th, C., Mainka, C., Mladenov, V., Schwenk, J.: Sok:$$\\{$$XML$$\\}$$ parser vulnerabilities. In: 10th $$\\{$$USENIX$$\\}$$ Workshop on Offensive Technologies ($$\\{$$WOOT$$\\}$$ 16) (2016)"},{"key":"2_CR26","unstructured":"Sp\u00e4th, C., Schwenk, J.: Security implications of DTD attacks against a wide range of XML parsers. Master, Ruhr-University Bochum (2015)"},{"key":"2_CR27","unstructured":"Steuck, G.: XXE (XML external entity) attack. OWASP (October 2002)"},{"key":"2_CR28","unstructured":"Morgan, T.D., Ibrahim, O.A.: XML schema, DTD, and entity attacks. http:\/\/vsecurity.com\/download\/papers\/XMLDTDEntityAttacks.pdf. Accessed 19 May 2014"},{"key":"2_CR29","unstructured":"Yunusov, T., Osipov, A.: XML out-of-band data retrieval. In: BlackHat EU 2013 (2013)"},{"issue":"11","key":"2_CR30","doi-asserted-by":"publisher","first-page":"4015","DOI":"10.3390\/app10114015","volume":"10","author":"E Wang","year":"2020","unstructured":"Wang, E., Wang, B., Xie, W., Wang, Z., Luo, Z., Yue, T.: EWVHunter: grey-box fuzzing with knowledge guide on embedded web front-ends. Appl. Sci. 10(11), 4015 (2020)","journal-title":"Appl. Sci."},{"key":"2_CR31","unstructured":"Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: USENIX Security Symposium, vol. 15, pp. 179\u2013192 (2006)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-90022-9_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,3]],"date-time":"2021-11-03T08:07:08Z","timestamp":1635926828000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-90022-9_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030900212","9783030900229"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-90022-9_2","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"4 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"143","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"56","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}