{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T10:05:59Z","timestamp":1775815559548,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471859","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"78-90","source":"Crossref","is-referenced-by-count":12,"title":["UFuzzer: Lightweight Detection of PHP-Based Unrestricted File Upload Vulnerabilities Via Static-Fuzzing Co-Analysis"],"prefix":"10.1145","author":[{"given":"Jin","family":"Huang","sequence":"first","affiliation":[{"name":"Wright State University, US"}]},{"given":"Junjie","family":"Zhang","sequence":"additional","affiliation":[{"name":"Wright State University, US"}]},{"given":"Jialun","family":"Liu","sequence":"additional","affiliation":[{"name":"Wright State University, US"}]},{"given":"Chuang","family":"Li","sequence":"additional","affiliation":[{"name":"Wright State University, US"}]},{"given":"Rui","family":"Dai","sequence":"additional","affiliation":[{"name":"University of Cincinnati, US"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Article 81 (July","author":"Allamanis Miltiadis","year":"2018","unstructured":"Miltiadis Allamanis , Earl\u00a0 T. Barr , Premkumar Devanbu , and Charles Sutton . 2018. A Survey of Machine Learning for Big Code and Naturalness. ACM Comput. Surv. 51, 4 , Article 81 (July 2018 ), 37\u00a0pages. Miltiadis Allamanis, Earl\u00a0T. Barr, Premkumar Devanbu, and Charles Sutton. 2018. A Survey of Machine Learning for Big Code and Naturalness. ACM Comput. Surv. 51, 4, Article 81 (July 2018), 37\u00a0pages."},{"key":"e_1_3_2_1_2_1","unstructured":"Oxana Andreeva Sergey Gordeychik Gleb Gritsai Olga Kochetova Evgeniya Potseluevskaya Sergey\u00a0I Sidorov and Alexander\u00a0A Timorin. 2016. Industrial control systems vulnerabilities statistics. Kaspersky Lab Report(2016).  Oxana Andreeva Sergey Gordeychik Gleb Gritsai Olga Kochetova Evgeniya Potseluevskaya Sergey\u00a0I Sidorov and Alexander\u00a0A Timorin. 2016. Industrial control systems vulnerabilities statistics. Kaspersky Lab Report(2016)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICODSE.2017.8285893"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390662"},{"key":"e_1_3_2_1_5_1","volume-title":"BSK Files Manager 1.0.0. [Online","year":"2018","unstructured":"bannersky. 2013. BSK Files Manager 1.0.0. [Online ; accessed 30- July - 2018 ]. bannersky. 2013. BSK Files Manager 1.0.0. [Online; accessed 30-July-2018]."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.3"},{"key":"e_1_3_2_1_7_1","unstructured":"Davide Canali and Davide Balzarotti. 2013. Behind the scenes of online attacks: an analysis of exploitation behaviors on the web. In Network and Distributed System Security (NDSS).  Davide Canali and Davide Balzarotti. 2013. Behind the scenes of online attacks: an analysis of exploitation behaviors on the web. In Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_8_1","volume-title":"Unrestricted File Upload. https:\/\/www.owasp.org\/index.php\/Unrestricted_File_Upload [Online","author":"Wikipedia","year":"2018","unstructured":"Wikipedia contributors. 2018. Unrestricted File Upload. https:\/\/www.owasp.org\/index.php\/Unrestricted_File_Upload [Online ; accessed 22- July - 2018 ]. Wikipedia contributors. 2018. Unrestricted File Upload. https:\/\/www.owasp.org\/index.php\/Unrestricted_File_Upload [Online; accessed 22-July-2018]."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Johannes Dahse and Thorsten Holz. 2014. Simulation of Built-in PHP Features for Precise Static Code Analysis. In Network and Distributed System Security (NDSS).  Johannes Dahse and Thorsten Holz. 2014. Simulation of Built-in PHP Features for Precise Static Code Analysis. In Network and Distributed System Security (NDSS).","DOI":"10.14722\/ndss.2014.23262"},{"key":"e_1_3_2_1_10_1","volume-title":"Static Detection of Second-Order Vulnerabilities in Web Applications. In USENIX Security Symposium.","author":"Dahse Johannes","year":"2014","unstructured":"Johannes Dahse and Thorsten Holz . 2014 . Static Detection of Second-Order Vulnerabilities in Web Applications. In USENIX Security Symposium. Johannes Dahse and Thorsten Holz. 2014. Static Detection of Second-Order Vulnerabilities in Web Applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_11_1","volume-title":"Seminar Work (Seminer \u00c7alismasi)","author":"Dahse Johannes","unstructured":"Johannes Dahse and J\u00f6rg Schwenk . 2010. RIPS-A static source code analyser for vulnerabilities in PHP scripts . In Seminar Work (Seminer \u00c7alismasi) . Horst G\u00f6rtz Institute Ruhr-University Bochum . Johannes Dahse and J\u00f6rg Schwenk. 2010. RIPS-A static source code analyser for vulnerabilities in PHP scripts. In Seminar Work (Seminer \u00c7alismasi). Horst G\u00f6rtz Institute Ruhr-University Bochum."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_13_1","volume-title":"XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing. In 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation. 815\u2013817","author":"Duchene F.","unstructured":"F. Duchene , R. Groz , S. Rawat , and J. Richier . 2012 . XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing. In 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation. 815\u2013817 . F. Duchene, R. Groz, S. Rawat, and J. Richier. 2012. XSS Vulnerability Detection Using Model Inference Assisted Evolutionary Fuzzing. In 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation. 815\u2013817."},{"key":"e_1_3_2_1_14_1","volume-title":"2008 ACM\/IEEE 30th International Conference on Software Engineering. IEEE, 171\u2013180","author":"Gary Wassermann","year":"2008","unstructured":"Wassermann Gary and Zhendong Su . 2008 . Static detection of cross-site scripting vulnerabilities . In 2008 ACM\/IEEE 30th International Conference on Software Engineering. IEEE, 171\u2013180 . Wassermann Gary and Zhendong Su. 2008. Static detection of cross-site scripting vulnerabilities. In 2008 ACM\/IEEE 30th International Conference on Software Engineering. IEEE, 171\u2013180."},{"key":"e_1_3_2_1_15_1","volume-title":"UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities. In 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Huang J.","unstructured":"J. Huang , Y. Li , J. Zhang , and R. Dai . 2019 . UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities. In 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). J. Huang, Y. Li, J. Zhang, and R. Dai. 2019. UChecker: Automatically Detecting PHP-Based Unrestricted File Upload Vulnerabilities. In 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_16_1","volume-title":"accessed on","year":"2020","unstructured":"2014) Kali.org.(February\u00a018. accessed on April 15, 2020 . Wfuzz Package Description . http:\/\/tools.kali.org\/web-applications\/wfuzz. 2014) Kali.org.(February\u00a018. accessed on April 15, 2020. Wfuzz Package Description. http:\/\/tools.kali.org\/web-applications\/wfuzz."},{"key":"e_1_3_2_1_17_1","volume-title":"FUSE: Finding File Upload Bugs via Penetration Testing. In Network and Distributed System Security (NDSS).","author":"Lee Taekjin","year":"2020","unstructured":"Taekjin Lee , Seongil Wi , Suyoung Lee , and Sooel Son . 2020 . FUSE: Finding File Upload Bugs via Penetration Testing. In Network and Distributed System Security (NDSS). Taekjin Lee, Seongil Wi, Suyoung Lee, and Sooel Son. 2020. FUSE: Finding File Upload Bugs via Penetration Testing. In Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_18_1","volume-title":"The Application of Fuzzing in Web Software Security Vulnerabilities Test. In 2013 International Conference on Information Technology and Applications. 130\u2013133","author":"Li L.","unstructured":"L. Li , Q. Dong , D. Liu , and L. Zhu . 2013 . The Application of Fuzzing in Web Software Security Vulnerabilities Test. In 2013 International Conference on Information Technology and Applications. 130\u2013133 . L. Li, Q. Dong, D. Liu, and L. Zhu. 2013. The Application of Fuzzing in Web Software Security Vulnerabilities Test. In 2013 International Conference on Information Technology and Applications. 130\u2013133."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08867-9_43"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2457411"},{"key":"e_1_3_2_1_21_1","volume-title":"Department of Computer Science","author":"Petukhov Andrey","year":"2008","unstructured":"Andrey Petukhov and Dmitry Kozlov . 2008. Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. Computing Systems Lab , Department of Computer Science , Moscow State University ( 2008 ), 1\u2013120. Andrey Petukhov and Dmitry Kozlov. 2008. Detecting security vulnerabilities in web applications using dynamic analysis with penetration testing. Computing Systems Lab, Department of Computer Science, Moscow State University (2008), 1\u2013120."},{"key":"e_1_3_2_1_22_1","volume-title":"URl: https:\/\/github. com\/nikic\/PHP-Parser (visited on 2014-03-28)","author":"Popov Nikita","year":"2014","unstructured":"Nikita Popov . 2014. PHP Parser . URl: https:\/\/github. com\/nikic\/PHP-Parser (visited on 2014-03-28) ( 2014 ). Nikita Popov. 2014. PHP Parser. URl: https:\/\/github. com\/nikic\/PHP-Parser (visited on 2014-03-28) (2014)."},{"key":"e_1_3_2_1_23_1","volume-title":"URl: https:\/\/github.com\/nikic\/PHP-Fuzzer (visited on 2020-12-09)","author":"Popov Nikita","year":"2019","unstructured":"Nikita Popov . 2019. PHP Fuzzer . URl: https:\/\/github.com\/nikic\/PHP-Fuzzer (visited on 2020-12-09) ( 2019 ). Nikita Popov. 2019. PHP Fuzzer. URl: https:\/\/github.com\/nikic\/PHP-Fuzzer (visited on 2020-12-09) (2019)."},{"key":"e_1_3_2_1_24_1","unstructured":"PortSwigger.(n.d).accessed on April 15 2020. Burp Suite. http:\/\/portswigger.net\/burp\/.  PortSwigger.(n.d).accessed on April 15 2020. Burp Suite. http:\/\/portswigger.net\/burp\/."},{"key":"e_1_3_2_1_25_1","volume-title":"https:\/\/github.com\/scurite\/User-Management-PHP-MYSQL [Online","author":"Randhawa Ajay","year":"2020","unstructured":"Ajay Randhawa . 2018. User-Management-PHP- MYSQL. https:\/\/github.com\/scurite\/User-Management-PHP-MYSQL [Online ; accessed 05- Dec- 2020 ]. Ajay Randhawa. 2018. User-Management-PHP-MYSQL. https:\/\/github.com\/scurite\/User-Management-PHP-MYSQL [Online; accessed 05-Dec-2020]."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.18495\/comengapp.v5i1.161"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.38"},{"key":"e_1_3_2_1_28_1","volume-title":"SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications. In Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security.","author":"Son Sooel","unstructured":"Sooel Son and Vitaly Shmatikov . [n.d.]. SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications. In Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security. Sooel Son and Vitaly Shmatikov. [n.d.]. SAFERPHP: Finding Semantic Vulnerabilities in PHP Applications. In Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security."},{"key":"e_1_3_2_1_29_1","unstructured":"Sourceforge.(n.d).accessed on April 15 2020. JBroFuzz. https:\/\/sourceforge.net\/projects\/jbrofuzz\/.  Sourceforge.(n.d).accessed on April 15 2020. JBroFuzz. https:\/\/sourceforge.net\/projects\/jbrofuzz\/."},{"key":"e_1_3_2_1_30_1","unstructured":"Sourceforge.(n.d).accessed on April 15 2020. Wapiti. https:\/\/wapiti.sourceforge.io\/.  Sourceforge.(n.d).accessed on April 15 2020. Wapiti. https:\/\/wapiti.sourceforge.io\/."},{"key":"e_1_3_2_1_31_1","volume-title":"Synode: Understanding and Automatically Preventing Injection Attacks on Node. js. In Network and Distributed System Security (NDSS).","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu , Michael Pradel , and Benjamin Livshits . 2018 . Synode: Understanding and Automatically Preventing Injection Attacks on Node. js. In Network and Distributed System Security (NDSS). Cristian-Alexandru Staicu, Michael Pradel, and Benjamin Livshits. 2018. Synode: Understanding and Automatically Preventing Injection Attacks on Node. js. In Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_32_1","volume-title":"IT Convergence and Security (ICITCS), 2016 6th International Conference on.","author":"Uddin Nasir","unstructured":"Nasir Uddin and Mohammad Jabr . [n.d.]. File Upload Security and Validation in Context of Software as a Service Cloud Model . In IT Convergence and Security (ICITCS), 2016 6th International Conference on. Nasir Uddin and Mohammad Jabr. [n.d.]. File Upload Security and Validation in Context of Software as a Service Cloud Model. In IT Convergence and Security (ICITCS), 2016 6th International Conference on."},{"key":"e_1_3_2_1_33_1","unstructured":"w3af. (n.d.).accessed on April 15 2020. w3af - Open Source Web Application Security Scanner. http:\/\/w3af.org\/.  w3af. (n.d.).accessed on April 15 2020. w3af - Open Source Web Application Security Scanner. http:\/\/w3af.org\/."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2014.0589"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Gary Wassermann and Zhendong Su. 2007. Sound and precise analysis of web applications for injection vulnerabilities. In ACM Sigplan Notices Vol.\u00a042. ACM 32\u201341.  Gary Wassermann and Zhendong Su. 2007. Sound and precise analysis of web applications for injection vulnerabilities. In ACM Sigplan Notices Vol.\u00a042. ACM 32\u201341.","DOI":"10.1145\/1273442.1250739"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390661"},{"key":"e_1_3_2_1_37_1","volume-title":"https:\/\/wordpress.org\/plugins\/imagements\/ [Online","year":"2020","unstructured":"williewonka. 2012. Imagements. https:\/\/wordpress.org\/plugins\/imagements\/ [Online ; accessed 05- Dec- 2020 ]. williewonka. 2012. Imagements. https:\/\/wordpress.org\/plugins\/imagements\/ [Online; accessed 05-Dec-2020]."},{"key":"e_1_3_2_1_38_1","volume-title":"accessed on","year":"2020","unstructured":"WordPress.org. accessed on April 15, 2020 . sanitize_file_name. URl : https:\/\/developer.wordpress.org\/reference\/functions\/. WordPress.org. accessed on April 15, 2020. sanitize_file_name. URl: https:\/\/developer.wordpress.org\/reference\/functions\/."},{"key":"e_1_3_2_1_39_1","volume-title":"USENIX Security Symposium.","author":"Xie Yichen","year":"2006","unstructured":"Yichen Xie and Alex Aiken . 2006 . Static Detection of Security Vulnerabilities in Scripting Languages .. In USENIX Security Symposium. Yichen Xie and Alex Aiken. 2006. Static Detection of Security Vulnerabilities in Scripting Languages.. In USENIX Security Symposium."}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471859","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471859","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:49Z","timestamp":1750195489000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471859"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":39,"alternative-id":["10.1145\/3471621.3471859","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471859","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}