Fuzzing PHP
We present the application of a state of the art data fuzzing program American Fuzzy Lop (AFL) to discover new vulnerabilities that could be present in PHP. We will walk through the discovery, submission and patching of a newly found bug in PHP. The bug was first discovered in PHP version 7.0.16 and...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/10356/72786 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | We present the application of a state of the art data fuzzing program American Fuzzy Lop (AFL) to discover new vulnerabilities that could be present in PHP. We will walk through the discovery, submission and patching of a newly found bug in PHP. The bug was first discovered in PHP version 7.0.16 and 5.6.30 and subsequently patched in version 7.0.21. The bug is presented with CVE- 2017-11144, with the implication of a DOS attack. |
|---|