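@inproceedings{10.1145/2480362.2480699,
  author    = {Payet, Pierre and Doupe, Adam and Kruegel, Christopher and Vigna, Giovanni},
  title     = {{EARs} in the Wild: Large-Scale Analysis of Execution After Redirect Vulnerabilities},
  booktitle = {Proceedings of the 28th Annual ACM Symposium on Applied Computing},
  series    = {SAC '13},
  year      = {2013},
  pages     = {1792--1799},
  numpages  = {8},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Coimbra, Portugal},
  isbn      = {9781450316569},
  doi       = {10.1145/2480362.2480699},
  url       = {https://doi.org/10.1145/2480362.2480699},
  keywords  = {execution after redirect, web application security, logic flaws, information leakage},
  abstract  = {Execution After Redirect vulnerabilities---logic flaws in web applications where unintended code is executed after a redirect---have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities. To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employ a black-box approach that finds EARs which manifest themselves by information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.},
  internal-note = {Entry normalised from the ACM export: title in Title Case with the EARs acronym brace-protected; en dash in pages replaced by --; curly quote in series replaced by ASCII apostrophe; missing space after a sentence in the abstract restored. No field values beyond these were altered.},
}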