Discovering Hidden Properties to Attack NodeJS Ecosystem
is widely used for developing both server-side and desktop applications. It provides a cross-platform execution environment for JavaScript programs. Due to the increasing popularity, the security of is critical to web servers and desktop clients.
We present a novel attack method against the platform, called hidden property abusing (HPA). The new attack leverages the widely-used data exchanging feature of JavaScript to tamper critical program states of programs, like server-side applications. HPA entitles remote attackers to launch serious attacks, such as stealing confidential data, bypassing security checks, and launching denial of service attacks. To help developers detect the HPA issues of their applications, we develop a tool, named LYNX, that utilizes hybrid program analysis to automatically reveal HPA vulnerabilities and even synthesize exploits. We apply LYNX on a set of widely-used programs and identify 13 previously unknown vulnerabilities. LYNX
6 days ago 00:19:59 42
3 weeks ago 00:00:36 1
1 month ago 00:36:34 1
2 months ago 00:01:13 3
2 months ago 00:04:35 2
2 months ago 00:03:26 0
3 months ago 00:02:00 0
3 months ago 00:10:08 2
3 months ago 01:29:41 1
3 months ago 00:06:10 0
3 months ago 00:10:10 0
4 months ago 00:08:00 16
4 months ago 00:02:16 0
5 months ago 00:35:42 0
5 months ago 00:03:54 0
![SNAP! - Rame (Beloved) [feat. Rukmani] (Official Video)](https://sun9-78.userapi.com/gq_HD94eKOmd6-pgFiOlHLD2kWTZASapHwgCeA/vR36rRCoSRU.jpg)
5 months ago 00:01:53 0
5 months ago 00:23:16 5
5 months ago 00:24:33 0
7 months ago 00:01:45 0
7 months ago 00:01:30 0
7 months ago 00:03:04 0
7 months ago 00:07:05 0
7 months ago 00:18:57 0
7 months ago 00:03:06 0
