{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T06:57:37Z","timestamp":1770274657363,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660363","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"42-53","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":34,"title":["Code Reuse Attacks in PHP"],"prefix":"10.1145","author":[{"given":"Johannes","family":"Dahse","sequence":"first","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Nikolai","family":"Krein","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Ruhr-University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.22"},{"key":"e_1_3_2_1_2_1","first-page":"187","volume-title":"USENIX Security Symposium","author":"Barth A.","year":"2009"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985827"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_3_2_1_6_1","volume-title":"Simulation of Built-in PHP 
Features for Precise Static Code Analysis. In Symposium on Network and Distributed System Security (NDSS)","author":"Dahse J.","year":"2014"},{"key":"e_1_3_2_1_7_1","volume-title":"Static Detection of Second-Order Vulnerabilities in Web Applications. In USENIX Security Symposium","author":"Dahse J.","year":"2014"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"e_1_3_2_1_9_1","volume-title":"Power of Community (POC)","author":"Esser S.","year":"2009"},{"key":"e_1_3_2_1_10_1","unstructured":"Esser S. Utilizing Code Reuse Or Return Oriented Programming in PHP Applications. In BlackHat USA (2010)."},{"key":"e_1_3_2_1_11_1","first-page":"168","volume-title":"GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. In USENIX Security Symposium","author":"Guarnieri S.","year":"2009"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001442"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","author":"Halfond W. G.","year":"2006"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483786"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988679"},{"key":"e_1_3_2_1_16_1","volume-title":"Return-oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. In USENIX Security Symposium","author":"Hund R.","year":"2009"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529711"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_1_19_1","unstructured":"Klein A. Cross-Site Scripting Explained. Sanctum White Paper (2002).  Klein A. Cross-Site Scripting Explained. 
Sanctum White Paper (2002)."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1882291.1882355"},{"key":"e_1_3_2_1_21_1","unstructured":"Krahmer S. x86-64 Buffer Overflow Exploits and the Borrowed Code Chunks Exploitation Technique. http:\/\/users.suse.com\/~krahmer\/no-nx.pdf 2005."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11575467_11"},{"key":"e_1_3_2_1_23_1","volume-title":"Finding Security Vulnerabilities in Java Applications with Static Analysis. In USENIX Security Symposium","author":"Livshits V. B.","year":"2005"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491417"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/566171.566174"},{"key":"e_1_3_2_1_26_1","unstructured":"MITRE. Common Vulnerabilities and Exposures (CVE). http:\/\/cve.mitre.org\/ as of May 2014."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_29_1","volume-title":"USENIX Security Symposium","author":"Schwartz E. J.","year":"2011"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1925844.1926390"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_32_1","unstructured":"Solar Designer. Getting around non-executable stack (and fix). http:\/\/seclists.org\/bugtraq\/1997\/Aug\/63 as of May 2014.  Solar Designer. Getting around non-executable stack (and fix). 
http:\/\/seclists.org\/bugtraq\/1997\/Aug\/63 as of May 2014."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2166956.2166964"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076021.2048145"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31057-7_20"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/354222.353189"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_3_2_1_38_1","unstructured":"The PHP Group. PHP: Autoloading Classes. http:\/\/php.net\/manual\/language.oop5.autoload.php as of May 2014."},{"key":"e_1_3_2_1_39_1","unstructured":"The PHP Group. PHP: Magic Methods. http:\/\/php.net\/manual\/language.oop5.magic.php as of May 2014."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1543135.1542486"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33338-5_5"},{"key":"e_1_3_2_1_42_1","unstructured":"W3Techs. Usage of Content Management Systems for Websites. http:\/\/w3techs.com\/technologies\/overview\/content_management\/all as of May 2014."},{"key":"e_1_3_2_1_43_1","unstructured":"W3Techs. Usage of Server-side Programming Languages for Websites. http:\/\/w3techs.com\/ technologies\/overview\/programming_language\/all as of May 2014.  W3Techs. Usage of Server-side Programming Languages for Websites. 
http:\/\/w3techs.com\/ technologies\/overview\/programming_language\/all as of May 2014."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368088.1368112"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_3_2_1_46_1","volume-title":"Static Detection of Security Vulnerabilities in Scripting Languages. In USENIX Security Symposium","author":"Xie Y.","year":"2006"}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","location":"Scottsdale Arizona USA","acronym":"CCS'14","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660363","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660363","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:13:40Z","timestamp":1750227220000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660363"}},"subtitle":["Automated POP Chain Generation"],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":46,"alternative-id":["10.1145\/2660267.2660363","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660363","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}