Privilege escalation vulnerability detection using message digest differentiation
First Claim
1. A computer-implemented method, comprising:
- obtaining a set of reference signatures for a set of web pages of a web application, individual signatures of the set of reference signatures calculated using a fuzzy hashing algorithm, the fuzzy hashing algorithm producing matching values for matching but different inputs;
- initiating a session using authentication information of a user of the web application;
- crawling the web application over the session to obtain a set of responses to requests made to the web application;
- calculating a set of signatures for the set of responses, individual signatures calculated using the fuzzy hashing algorithm;
- for a first signature in the set of signatures for the set of responses, performing a comparison between the first signature and a second signature of the set of reference signatures, the first signature and second signature both associated with a uniform resource identifier corresponding to a web page of the web application for which the user lacks authorization to access;
- detecting, based at least in part on the comparison, that the user has an ability to exceed a set of privileges associated with the user; and
- indicating that the user has the ability to exceed the set of privileges.
Abstract
Techniques described and suggested herein include various systems and methods for detecting privilege escalation vulnerabilities. A detection service may determine one or more resources of a service or application of a computing resource service provider to test. The detection service may determine a set of message digests corresponding to responses to requests to access the resources of the service or application. A subset of the set of message digests associated with an identifier may be compared to determine whether an entity associated with one of the subset of message digests is able to exceed a set of privileges attributed to the entity.
20 Claims
5. A system, comprising:
- one or more physical processors; and
- memory that stores computer-executable instructions that, as a result of being executed, cause the system to:
- determine a signature associated with an entity, the signature associated with an identifier available for access to the entity, the signature produced using a fuzzy hashing algorithm that produces matching values for a matching but different pair of inputs;
- perform a comparison between the signature and a reference signature, the reference signature also associated with the identifier and produced using the fuzzy hashing algorithm; and
- indicate a result of the comparison, the result indicating whether the entity is able to exceed a set of privileges associated with the entity.
13. A non-transitory computer-readable storage medium storing executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
- determine a set of signatures related to access attempts for resource identifiers, the set of signatures comprising a first signature associated with a request to a first identifier using credentials of a user entity, the set of signatures produced using a fuzzy hashing algorithm that produces matching values for a matching but different pair of inputs;
- perform a comparison between the first signature and a reference signature corresponding to the first signature by association with the first identifier, the reference signature produced using the fuzzy hashing algorithm; and
- indicate whether the user entity is able to exceed a set of privileges associated with the user entity based at least in part on the comparison.
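The comparison the claims describe can be exercised end to end with a small access-control test, shown here as an added example that is not part of the patent or of any product implementing it. The page does not name a particular fuzzy hashing algorithm (ssdeep or TLSH would be typical choices); this example substitutes a simple shingle-based similarity hash and Jaccard comparison so it runs with the standard library only. The reference responses, the low-privilege session's responses and the list of URIs the user is not authorized for are all constructed sample data standing in for the crawl over an authenticated session.

```python
"""Privilege-escalation check by fuzzy-hash comparison of HTTP response bodies.

Added example (not the patent's or any vendor's code). The fuzzy hash below is a
stand-in: each response body is normalized and cut into overlapping 4-character
shingles, each shingle is hashed, and two signatures are compared with the
Jaccard index. Like ssdeep/TLSH, it yields a high score for inputs that differ
only in small details (timestamps, nonces) and a low score for unrelated pages.
"""
import hashlib
import re
from typing import Dict, FrozenSet, List


def fuzzy_signature(body: str, n: int = 4) -> FrozenSet[int]:
    """Signature of a response body: the set of hashed n-character shingles."""
    text = re.sub(r"\s+", " ", body.strip())          # formatting-only changes do not count
    shingles = {text[i:i + n] for i in range(max(1, len(text) - n + 1))}
    return frozenset(
        int.from_bytes(hashlib.blake2b(s.encode("utf-8"), digest_size=8).digest(), "big")
        for s in shingles
    )


def similarity(a: FrozenSet[int], b: FrozenSet[int]) -> float:
    """Jaccard similarity in [0, 1]; 1.0 means the bodies are effectively the same page."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def detect_privilege_escalation(
    reference_responses: Dict[str, str],   # URI -> body as seen by an authorized (reference) session
    user_responses: Dict[str, str],        # URI -> body as seen by the session under test
    unauthorized_uris: List[str],          # URIs the tested user must NOT be able to reach
    threshold: float = 0.8,
) -> Dict[str, float]:
    """Return {uri: score} for unauthorized URIs whose response matches the reference page.

    A match means the low-privilege session received (approximately) the same
    content the authorized session did, i.e. the access control did not hold.
    A 403/redirect/login page scores low and is not flagged.
    """
    references = {uri: fuzzy_signature(body) for uri, body in reference_responses.items()}
    findings: Dict[str, float] = {}
    for uri in unauthorized_uris:
        if uri not in references or uri not in user_responses:
            continue                                   # nothing to compare for this URI
        score = similarity(fuzzy_signature(user_responses[uri]), references[uri])
        if score >= threshold:
            findings[uri] = round(score, 3)
    return findings


# --- constructed sample data (stands in for crawled responses) ---------------
def admin_users_page(rendered_at: str) -> str:
    return f"""<html><head><title>Admin - Users</title></head>
<body><h1>User administration</h1>
<table><tr><th>id</th><th>login</th><th>role</th></tr>
<tr><td>1</td><td>alice</td><td>admin</td></tr>
<tr><td>2</td><td>bob</td><td>user</td></tr>
<tr><td>3</td><td>carol</td><td>user</td></tr></table>
<a href="/admin/users/new">Add user</a>
<p>Rendered at {rendered_at}</p></body></html>"""


SETTINGS_PAGE = """<html><head><title>Admin - Settings</title></head>
<body><h1>Site settings</h1><form method="post" action="/admin/settings">
<label>Site name <input name="site_name" value="Example Corp"></label>
<label>Session timeout (minutes) <input name="timeout" value="30"></label>
<label>Enforce MFA <input type="checkbox" name="mfa" checked></label>
<button type="submit">Save</button></form></body></html>"""

FORBIDDEN_PAGE = """<html><head><title>403 Forbidden</title></head>
<body><h1>Access denied</h1><p>You are not authorized to view this page.</p></body></html>"""

# Reference session (authorized role) and the low-privilege session under test.
REFERENCE_RESPONSES = {
    "/admin/users": admin_users_page("2024-01-01T10:00:00Z"),
    "/admin/settings": SETTINGS_PAGE,
}
USER_RESPONSES = {
    "/admin/users": admin_users_page("2024-01-01T10:05:17Z"),  # same page, different timestamp: escalation
    "/admin/settings": FORBIDDEN_PAGE,                          # correctly denied
}
UNAUTHORIZED_URIS = ["/admin/users", "/admin/settings"]

if __name__ == "__main__":
    for uri, score in detect_privilege_escalation(REFERENCE_RESPONSES, USER_RESPONSES, UNAUTHORIZED_URIS).items():
        print(f"privilege escalation: user session reached {uri} (similarity {score})")
```

The threshold is the operational knob: set it too high and a page that embeds per-user details (name, CSRF token) escapes detection; set it too low and a shared site template makes every denial page look like the protected page. Calibrate it by comparing the reference response with a known denial response for the same URI before trusting the verdict.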