Invention Grant
- Patent Title: Detecting injection vulnerabilities of client-side templating systems
- Application No.: US16981253
- Application Date: 2018-05-04
- Publication No.: US11640471B2
- Publication Date: 2023-05-02
- Inventor: Sebastian Lekies, Nicolas Golubovic
- Applicant: Google LLC
- Applicant Address: US CA Mountain View
- Assignee: Google LLC
- Current Assignee: Google LLC
- Current Assignee Address: US CA Mountain View
- Agency: Honigman LLP
- Agent: Brett A. Krueger
- International Application: PCT/US2018/031147 WO 20180504
- International Announcement: WO2019/212565 WO 20191107
- Main IPC: H04L9/40
- IPC: H04L9/40; G06F21/57; G06F9/54

Abstract:
A method (800) for detecting an injection vulnerability of a client-side templating system includes receiving a web page (200), determining that the web page implements an interpreted programming language framework (142) with client-side templating, and extracting a version (144) of the interpreted programming language framework and an interpolation sign (146) from the web page. The method also includes generating an attack payload (152a) for at least one injection vulnerability context (210) of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Public/Granted literature:
- US20210044617A1 Detecting Injection Vulnerabilities of Client-Side Templating Systems. Public/Granted day: 2021-02-11