Content management systems (CMSs) provide great convenience for rapidly developing web applications. Thanks to a prosperous plugin ecosystem, CMS plugins can easily extend the functionality of web applications. However, as plugins become more complex, a large number of plugin vulnerabilities threaten the security of the web application. In recent years there have been various security analyses of CMS plugins, such as malicious plugin analysis and privacy analysis, but research on web vulnerability detection in CMS plugins is lacking. The code of a CMS plugin depends on the CMS core to run and invoke it, and shares contextual resources with the CMS core. However, existing research applies web application analysis solutions to plugin analysis, which is inaccurate because information about the CMS core environment is missing. Moreover, previous work can analyze object-oriented PHP code only to a limited extent, while modern CMS plugins are written in object-oriented syntax. To solve these problems, this paper proposes a general vulnerability detection method for PHP-based CMS plugins and implements an automated tool called PVHUNTER. We implement our tool for WordPress plugins, as WordPress occupies the vast majority of the CMS market share. To achieve accurate vulnerability analysis of CMS plugin code, this paper first extracts the core environment information that affects plugin analysis through hybrid analysis, then simulates it in PHP files as auxiliary data for the subsequent static analysis of the plugin. Secondly, this paper extends the existing static analysis method to support the analysis of object-oriented code through type inference. Finally, this paper proposes a vulnerability-oriented path-sensitive analysis method to recognize the false positives caused by path-sensitive security measures. This paper comprehensively evaluates PVHUNTER by detecting SQL injection and cross-site scripting vulnerabilities in WordPress plugins on different datasets. We first compare PVHUNTER with existing tools and find that PVHUNTER detects the most vulnerabilities with lower false positives, which shows that PVHUNTER is the state-of-the-art plugin vulnerability detection tool. At the same time, this paper also uses PVHUNTER to conduct a large-scale analysis of popular WordPress plugins, detecting a total of 178 previously unreported vulnerabilities (124 of which correspond to plugins with more than one million downloads) and obtaining 82 CVE numbers. We will open-source the source code of this paper on GitHub for further research.
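The abstract's third contribution, recognizing false positives caused by path-sensitive security measures, is easiest to see on a concrete program. The following is an added illustration written for this page, not PVHUNTER's code: a tiny hypothetical intermediate representation standing in for parsed PHP plugin code, a path-insensitive taint walk that merges branch states at every join, and a path-sensitive walk that records which conditions hold on the current path. The sanitizer and guard tables (`absint`, `intval`, `esc_html`, `is_numeric`) are an assumed subset of the WordPress/PHP helpers a real analyzer would model; the three sample programs are constructed.

```python
from copy import deepcopy

# Assumed models: return values of these calls are safe for the listed sink kinds,
# and these predicates, when true on the path, vouch for their argument.
SANITIZERS = {"absint": {"sql"}, "intval": {"sql"}, "esc_html": {"xss"}}
GUARDS = {"is_numeric": {"sql"}}
SOURCE_TAINT = {"sql", "xss"}          # attacker-controlled input is dangerous for both sinks


def fresh_state():
    return {"taint": {}, "known": {}, "facts": {}}


def taint_of(expr, state):
    """Sink kinds the expression is dangerous for in the given state."""
    kind = expr[0]
    if kind == "source":                              # ("source", "$_GET")
        return set(SOURCE_TAINT)
    if kind == "const":                               # ("const", value)
        return set()
    if kind == "var":                                 # ("var", "$name")
        return set(state["taint"].get(expr[1], ()))
    if kind == "call":                                # ("call", fn, arg_expr)
        return taint_of(expr[2], state) - SANITIZERS.get(expr[1], set())
    raise ValueError(kind)


def eval_cond(cond, state):
    """True/False when the path state already decides the condition, else None."""
    if cond[0] == "not":
        v = eval_cond(cond[1], state)
        return None if v is None else not v
    if cond[0] == "truthy":                           # ("truthy", "$var")
        return bool(state["known"][cond[1]]) if cond[1] in state["known"] else None
    return state["facts"].get((cond[1], cond[2][1]))  # ("call", fn, ("var", "$x"))


def assume(cond, value, state):
    """Record that cond evaluated to value on this path; guards sanitize their argument."""
    if cond[0] == "not":
        assume(cond[1], not value, state)
    elif cond[0] == "truthy":
        state["known"][cond[1]] = value
    else:
        fn, var = cond[1], cond[2][1]
        state["facts"][(fn, var)] = value
        if value and fn in GUARDS:
            state["taint"][var] = state["taint"].get(var, set()) - GUARDS[fn]


def step(stmt, state, findings):
    """Apply a non-branching statement; return False when the path terminates."""
    op = stmt[0]
    if op == "exit":                                  # wp_die(), return, ...
        return False
    if op == "assign":                                # ("assign", "$var", expr)
        _, var, expr = stmt
        state["taint"][var] = taint_of(expr, state)
        if expr[0] == "const":
            state["known"][var] = expr[1]
        else:
            state["known"].pop(var, None)
    elif op == "sink" and stmt[1] in taint_of(stmt[2], state):   # ("sink", kind, expr, label)
        findings.add((stmt[1], stmt[3]))
    return True


def path_sensitive(stmts, state=None, findings=None):
    """Walk every feasible path, pruning branches the accumulated path facts decide."""
    state = fresh_state() if state is None else state
    findings = set() if findings is None else findings
    for i, stmt in enumerate(stmts):
        if stmt[0] == "if":                           # ("if", cond, then_block, else_block)
            _, cond, then_b, else_b = stmt
            decided = eval_cond(cond, state)
            for val in ([True, False] if decided is None else [decided]):
                forked = deepcopy(state)
                assume(cond, val, forked)
                path_sensitive((then_b if val else else_b) + stmts[i + 1:], forked, findings)
            return findings
        if not step(stmt, state, findings):
            break
    return findings


def _insensitive_block(stmts, state, findings):
    """Flow-sensitive walk that ignores conditions and unions taint at every join."""
    for stmt in stmts:
        if stmt[0] == "if":
            outs = [_insensitive_block(b, deepcopy(state), findings) for b in stmt[2:]]
            outs = [s for s in outs if s is not None]
            if not outs:
                return None
            merged = {}
            for s in outs:
                for var, t in s["taint"].items():
                    merged[var] = merged.get(var, set()) | t
            state = {"taint": merged, "known": {}, "facts": {}}
        elif not step(stmt, state, findings):
            return None
    return state


def path_insensitive(stmts):
    findings = set()
    _insensitive_block(stmts, fresh_state(), findings)
    return findings


# Constructed samples (PHP shown in comments for orientation).
SRC = ("source", "$_GET")
ID, PAGE = ("var", "$id"), ("var", "$page")
SINK = ("sink", "sql", ID, "wpdb->query")
# $safe = false; if (is_numeric($id)) $safe = true; if ($safe) $wpdb->query("... $id");
CORRELATED = [("assign", "$id", SRC), ("assign", "$safe", ("const", False)),
              ("if", ("call", "is_numeric", ID), [("assign", "$safe", ("const", True))], []),
              ("if", ("truthy", "$safe"), [SINK], [])]
# if (!is_numeric($id)) wp_die(); $wpdb->query("... $id");
EARLY_EXIT = [("assign", "$id", SRC),
              ("if", ("not", ("call", "is_numeric", ID)), [("exit",)], []), SINK]
# if (is_numeric($page)) $wpdb->query("... $id");  -- guard on the wrong variable, a real flaw
WRONG_GUARD = [("assign", "$id", SRC), ("assign", "$page", SRC),
               ("if", ("call", "is_numeric", PAGE), [SINK], [])]

if __name__ == "__main__":
    for name, prog in [("CORRELATED", CORRELATED), ("EARLY_EXIT", EARLY_EXIT), ("WRONG_GUARD", WRONG_GUARD)]:
        print(name, "insensitive:", path_insensitive(prog), "sensitive:", path_sensitive(prog))
```

The two safe programs are exactly the shape the abstract calls path-sensitive security measures: the sanitizing fact (`is_numeric($id)`) holds only on the branch that reaches the sink, either through a correlated flag or an early exit. The merging walk loses that correlation and reports a SQL injection in both, while the path-sensitive walk reports nothing there and still flags the third program, where the guard checks a different variable than the one reaching the query.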