{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T01:20:19Z","timestamp":1740100819386,"version":"3.37.3"},"reference-count":67,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1109\/spw54247.2022.9833883","type":"proceedings-article","created":{"date-parts":[[2022,7,25]],"date-time":"2022-07-25T20:14:47Z","timestamp":1658780087000},"page":"51-58","source":"Crossref","is-referenced-by-count":2,"title":["yoU aRe a Liar:\/\/A Unified Framework for Cross-Testing URL Parsers"],"prefix":"10.1109","author":[{"given":"Dashmeet Kaur","family":"Ajmani","sequence":"first","affiliation":[{"name":"North Carolina State University,Department of Computer Science"}]},{"given":"Igibek","family":"Koishybayev","sequence":"additional","affiliation":[{"name":"North Carolina State University,Department of Computer Science"}]},{"given":"Alexandros","family":"Kapravelos","sequence":"additional","affiliation":[{"name":"North Carolina State University,Department of Computer Science"}]}],"member":"263","reference":[{"article-title":"Node.js uri.js Testing Suite","year":"0","author":"cox","key":"ref39"},{"year":"0","key":"ref38","article-title":"Node.js url-parse Testing Suite"},{"year":"0","key":"ref33","article-title":"GNU Wget"},{"year":"0","key":"ref32","article-title":"C libcurl Library"},{"year":"0","key":"ref31","article-title":"Python urllib3 Library"},{"year":"0","key":"ref30","article-title":"Python urllib Library"},{"year":"0","key":"ref37","article-title":"Mozilla&#x2019;s url parser"},{"year":"0","key":"ref36","article-title":"Chrome&#x2019;s url library"},{"year":"0","key":"ref35","article-title":"Npm whatwg-url library"},{"year":"0","key":"ref34","article-title":"Php parse_url library"},{"article-title":"The security architecture of the chromium browser","year":"2009","author":"barth","key":"ref60"},{"journal-title":"Browser Security Handbook","year":"2010","author":"zalewski","key":"ref62"},{"journal-title":"The Tangled Web","year":"2011","author":"zalewski","key":"ref61"},{"article-title":"URL Parsing in WebKit","year":"2016","author":"christensen","key":"ref63"},{"year":"0","key":"ref28","article-title":"Node.js url-parse Library"},{"year":"0","key":"ref64","article-title":"Google Safe Browsing"},{"year":"0","key":"ref27","article-title":"10 Best Node.js URL Parsing Libraries"},{"year":"2019","key":"ref65","article-title":"URLPattern API"},{"year":"0","key":"ref66","article-title":"WHATWG: URL GitHub Repository"},{"article-title":"Node.js uri.js Library","year":"0","author":"cox","key":"ref29"},{"year":"2020","key":"ref67","article-title":"Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!"},{"year":"0","key":"ref2","article-title":"Uniform Resource Identifier (URI): Generic Syntax"},{"year":"0","key":"ref1","article-title":"Uniform Resource Locators (URL)"},{"year":"0","key":"ref20","article-title":"Cwe-601: Url redirection to untrusted site (&#x2019;open redirect&#x2019;)"},{"year":"0","key":"ref22","article-title":"Cwe-233: Improper handling of parameters"},{"year":"0","key":"ref21","article-title":"Cwe-84: Improper neutralization of encoded uri schemes in a web page"},{"year":"0","key":"ref24","article-title":"Cwe-939: Improper authorization in handler for custom url scheme"},{"year":"0","key":"ref23","article-title":"Cwe-22: Improper limitation of a pathname to a restricted directory (&#x2019;path traversal&#x2019;)"},{"year":"0","key":"ref26","article-title":"Cves on url parsers"},{"year":"0","key":"ref25","article-title":"Cwe-472: External control of assumed-immutable web parameter"},{"year":"0","key":"ref50","article-title":"Cwe-93: Improper neutralization of crlf sequences (&#x2019;crlf injection&#x2019;)"},{"year":"0","key":"ref51","article-title":"Cwe-113: Improper neutralization of crlf sequences in http headers (&#x2019;http response splitting&#x2019;)"},{"article-title":"Google Chrome Statistics for 2022","year":"0","author":"dean","key":"ref59"},{"year":"2022","key":"ref58","article-title":"Usage Statistics and Market Share of PHP for Websites"},{"year":"0","key":"ref57","article-title":"Chrome&#x2019;s url canonicalization"},{"year":"0","key":"ref56","article-title":"Cwe-1007: Insufficient visual distinction of homoglyphs presented to user"},{"year":"2003","key":"ref55","article-title":"Internationalizing Domain Names in Applications (IDNA)"},{"year":"0","key":"ref54","article-title":"Cwe-23: Relative path traversal"},{"year":"2007","key":"ref53","article-title":"cURL docs: URL syntax and their use in curl"},{"year":"0","key":"ref52"},{"article-title":"Make Redirection Evil Again: URL Parser Issues in OAuth","year":"2019","author":"wang","key":"ref10"},{"article-title":"A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages","year":"2017","author":"tsai","key":"ref11"},{"year":"0","key":"ref40","article-title":"Python urllib Testing Suite"},{"article-title":"How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!","year":"2017","author":"tsai","key":"ref12"},{"article-title":"How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System","year":"2018","author":"tsai","key":"ref13"},{"article-title":"Exploiting URL Parsers: The Good, Bad, and Inconsistent","year":"2022","author":"noam","key":"ref14"},{"year":"0","key":"ref15","article-title":"Connection String URI Format"},{"year":"0","key":"ref16","article-title":"WHATWG: URL Living Standard"},{"article-title":"Bypassing domain deny_list rule in smokescreen via trailing dot leads to ssrf","year":"2021","author":"niedziela","key":"ref17"},{"article-title":"Ssrf chained to hit internal host leading to another ssrf which allows to read internal images","year":"2020","author":"jaiswal","key":"ref18"},{"year":"0","key":"ref19","article-title":"Cwe-918: Server-side request forgery (ssrf)"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376298"},{"year":"2021","key":"ref3","article-title":"Server-side Request Forgery"},{"key":"ref6","article-title":"Identifying phishing websites through url parsing","volume":"8","author":"anitha","year":"2019","journal-title":"International Journal of Engineering Research and Technology"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/IEMCON.2016.7746247"},{"article-title":"My URL isn&#x2019;t your URL","year":"2016","author":"stenberg","key":"ref8"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_15"},{"year":"0","key":"ref49","article-title":"Cwe-288: Authentication bypass using an alternate path or channel"},{"article-title":"One URL standard please","year":"2017","author":"stenberg","key":"ref9"},{"year":"0","key":"ref46","article-title":"Chrome&#x2019;s url testing suite"},{"year":"0","key":"ref45","article-title":"Npm whatwg-url testing suite"},{"year":"0","key":"ref48","article-title":"Hostname spoofing via backslashes in url"},{"year":"0","key":"ref47","article-title":"Mozilla&#x2019;s url parser testing suite"},{"year":"0","key":"ref42","article-title":"C libcurl Testing Suite"},{"year":"0","key":"ref41","article-title":"Python urllib3 Testing Suite"},{"year":"0","key":"ref44","article-title":"Php parse_url testing suite"},{"year":"0","key":"ref43","article-title":"GNU Wget Testing Suite"}],"event":{"name":"2022 IEEE Security and Privacy Workshops (SPW)","start":{"date-parts":[[2022,5,22]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2022,5,26]]}},"container-title":["2022 IEEE Security and Privacy Workshops (SPW)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9833855\/9833856\/09833883.pdf?arnumber=9833883","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,15]],"date-time":"2022-08-15T20:02:36Z","timestamp":1660593756000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9833883\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":67,"URL":"https:\/\/doi.org\/10.1109\/spw54247.2022.9833883","relation":{},"subject":[],"published":{"date-parts":[[2022,5]]}}}