乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,3]],"date-time":"2024-09-03T05:56:43Z","timestamp":1725343003679},"publisher-location":"New York, NY, USA","reference-count":82,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T00:00:00Z","timestamp":1699315200000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR00112090031; HR00112190087"],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-19-1-2179; N00014-17-1-2895; N00014-18-1-2662"],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3559340","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Understanding and Mitigating Remote Code Execution Vulnerabilities in Cross-platform Ecosystem"],"prefix":"10.1145","author":[{"given":"Feng","family":"Xiao","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Zheng","family":"Yang","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Joey","family":"Allen","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Guangliang","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Grant","family":"Williams","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2021 OWASP Top 10 vulnerabilities. https:\/\/owasp.org\/Top10\/. 2021 OWASP Top 10 vulnerabilities. https:\/\/owasp.org\/Top10\/."},{"key":"e_1_3_2_1_2_1","unstructured":"AngularJs Expression Injection Bypass. https:\/\/sites.google.com\/site\/ bughunteruniversity\/nonvuln\/angularjs-expression-sandbox-bypass. AngularJs Expression Injection Bypass. https:\/\/sites.google.com\/site\/ bughunteruniversity\/nonvuln\/angularjs-expression-sandbox-bypass."},{"key":"e_1_3_2_1_3_1","unstructured":"Atom Remote Code Execution. https:\/\/statuscode.ch\/2017\/11\/from-markdown-to-rce-in-atom. Atom Remote Code Execution. https:\/\/statuscode.ch\/2017\/11\/from-markdown-to-rce-in-atom."},{"key":"e_1_3_2_1_4_1","unstructured":"CVE-2021-28119: twinkle-tray arbitrary code execution through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28119. CVE-2021-28119: twinkle-tray arbitrary code execution through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28119."},{"key":"e_1_3_2_1_5_1","unstructured":"CVE-2021-28154: camunda-modeler arbitrary file access through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28154. CVE-2021-28154: camunda-modeler arbitrary file access through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-28154."},{"key":"e_1_3_2_1_6_1","unstructured":"CVE-2021-41392: BoostNote arbitrary code execution through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-41392. CVE-2021-41392: BoostNote arbitrary code execution through unsafe IPC. https: \/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-41392."},{"key":"e_1_3_2_1_7_1","unstructured":"CVE Security Vulnerability Database. https:\/\/cve.mitre.org\/. CVE Security Vulnerability Database. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_8_1","unstructured":"DEDECMS 5.7 SEARCH.PHP TYPENAME Remote Code Execution. https:\/\/vuldb. com\/?id.181400. DEDECMS 5.7 SEARCH.PHP TYPENAME Remote Code Execution. https:\/\/vuldb. com\/?id.181400."},{"key":"e_1_3_2_1_9_1","unstructured":"Discord remote code execution. https:\/\/mksben.l0.cm\/2020\/10\/discord-desktop- rce.html. Discord remote code execution. https:\/\/mksben.l0.cm\/2020\/10\/discord-desktop- rce.html."},{"key":"e_1_3_2_1_10_1","unstructured":"Electron App Store. https:\/\/www.electronjs.org\/apps. Electron App Store. https:\/\/www.electronjs.org\/apps."},{"key":"e_1_3_2_1_11_1","unstructured":"Electron (cross-platform framework). https:\/\/en.wikipedia.org\/wiki\/Electron_ (software_framework). Electron (cross-platform framework). https:\/\/en.wikipedia.org\/wiki\/Electron_ (software_framework)."},{"key":"e_1_3_2_1_12_1","unstructured":"Electron Node Integration. https:\/\/www.electronjs.org\/docs\/tutorial\/security. Electron Node Integration. https:\/\/www.electronjs.org\/docs\/tutorial\/security."},{"key":"e_1_3_2_1_13_1","unstructured":"Electron Preload Scripts. https:\/\/www.electronjs.org\/docs\/latest\/tutorial\/process- model\/#preload-scripts. Electron Preload Scripts. https:\/\/www.electronjs.org\/docs\/latest\/tutorial\/process- model\/#preload-scripts."},{"key":"e_1_3_2_1_14_1","unstructured":"Electron React Boilerplate. https:\/\/github.com\/electron-react-boilerplate\/electron- react-boilerplate. Electron React Boilerplate. https:\/\/github.com\/electron-react-boilerplate\/electron- react-boilerplate."},{"key":"e_1_3_2_1_15_1","unstructured":"Electron Security Native Capabilities and Your Responsibility. https:\/\/www. electronjs.org\/docs\/latest\/tutorial\/security. Electron Security Native Capabilities and Your Responsibility. https:\/\/www. electronjs.org\/docs\/latest\/tutorial\/security."},{"key":"e_1_3_2_1_16_1","unstructured":"Github Atom. https:\/\/atom.io\/. Github Atom. https:\/\/atom.io\/."},{"key":"e_1_3_2_1_17_1","unstructured":"Hackerone Bug Bounty Program. https:\/\/www.hackerone.com. Hackerone Bug Bounty Program. https:\/\/www.hackerone.com."},{"key":"e_1_3_2_1_18_1","unstructured":"Huntr Bug Bounty Program. https:\/\/huntr.dev. Huntr Bug Bounty Program. https:\/\/huntr.dev."},{"key":"e_1_3_2_1_19_1","unstructured":"Introduce the notion of a \"current microtask. https:\/\/www.chromium.org\/chromium-projects\/. Introduce the notion of a \"current microtask. https:\/\/www.chromium.org\/chromium-projects\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Introduce the notion of a \"current microtask. https:\/\/chromium-review. googlesource.com\/c\/v8\/v8\/\/1277505. Introduce the notion of a \"current microtask. https:\/\/chromium-review. googlesource.com\/c\/v8\/v8\/\/1277505."},{"key":"e_1_3_2_1_21_1","unstructured":"Issue 3943: Disable webview when node integration is off. https:\/\/github.com\/ electron\/electron\/issues\/3943. Issue 3943: Disable webview when node integration is off. https:\/\/github.com\/ electron\/electron\/issues\/3943."},{"key":"e_1_3_2_1_22_1","unstructured":"Issue 4026: Prohibit nodeIntegration from being re-enabled with window.open. https: \/\/github.com\/electron\/electron\/issues\/4026. Issue 4026: Prohibit nodeIntegration from being re-enabled with window.open. https: \/\/github.com\/electron\/electron\/issues\/4026."},{"key":"e_1_3_2_1_23_1","unstructured":"JavaScript code coverage. https:\/\/v8.dev\/blog\/javascript-code-coverage. JavaScript code coverage. https:\/\/v8.dev\/blog\/javascript-code-coverage."},{"key":"e_1_3_2_1_24_1","unstructured":"Linux AppArmor. https:\/\/apparmor.com\/. Linux AppArmor. https:\/\/apparmor.com\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Microsoft Teams remote code execution. https:\/\/github.com\/oskarsve\/ms-teams- rce\/. Microsoft Teams remote code execution. https:\/\/github.com\/oskarsve\/ms-teams- rce\/."},{"key":"e_1_3_2_1_26_1","unstructured":"Neutralinojs (cross-platform framework). https:\/\/neutralino.js.org\/. Neutralinojs (cross-platform framework). https:\/\/neutralino.js.org\/."},{"key":"e_1_3_2_1_27_1","volume-title":"Challenge in BSides Ahmedabad CTF 2021","author":"Neutron","year":"2021","unstructured":"Neutron Challenge in BSides Ahmedabad CTF 2021 . https:\/\/blog.s1r1us.ninja\/CTF\/ bsidesahm 2021 #h.ymq4241d2kxp. Neutron Challenge in BSides Ahmedabad CTF 2021. https:\/\/blog.s1r1us.ninja\/CTF\/ bsidesahm2021#h.ymq4241d2kxp."},{"key":"e_1_3_2_1_28_1","unstructured":"NW.js (cross-platform framework). https:\/\/nwjs.io. NW.js (cross-platform framework). https:\/\/nwjs.io."},{"key":"e_1_3_2_1_29_1","unstructured":"NW.js Frames. https:\/\/nwjs.readthedocs.io\/en\/nw13\/References\/Frames\/#iframe. NW.js Frames. https:\/\/nwjs.readthedocs.io\/en\/nw13\/References\/Frames\/#iframe."},{"key":"e_1_3_2_1_30_1","unstructured":"Prototype pollution attacks in NodeJS applications. https:\/\/www.youtube.com\/ watch?v=LUsiFV3dsK8. Prototype pollution attacks in NodeJS applications. https:\/\/www.youtube.com\/ watch?v=LUsiFV3dsK8."},{"key":"e_1_3_2_1_31_1","unstructured":"React: A JavaScript library for building user interfaces. https:\/\/reactjs.org\/. React: A JavaScript library for building user interfaces. https:\/\/reactjs.org\/."},{"key":"e_1_3_2_1_32_1","unstructured":"React Native (cross-platform framework). https:\/\/reactnative.dev\/. React Native (cross-platform framework). https:\/\/reactnative.dev\/."},{"key":"e_1_3_2_1_33_1","unstructured":"React-nodewebkit Starter. https:\/\/github.com\/konsumer\/react-nodewebkit. React-nodewebkit Starter. https:\/\/github.com\/konsumer\/react-nodewebkit."},{"key":"e_1_3_2_1_34_1","unstructured":"React starter project for Neutralinojs. https:\/\/github.com\/Abdulhafiz-Yusuf\/ neutralinojs-react. React starter project for Neutralinojs. https:\/\/github.com\/Abdulhafiz-Yusuf\/ neutralinojs-react."},{"key":"e_1_3_2_1_35_1","unstructured":"Rocket.Chat remote code execution via click event. https:\/\/hackerone.com\/reports\/ 899964. Rocket.Chat remote code execution via click event. https:\/\/hackerone.com\/reports\/ 899964."},{"key":"e_1_3_2_1_36_1","unstructured":"Rocket.Chat remote code execution via message attachment. https:\/\/hackerone. com\/reports\/899954. Rocket.Chat remote code execution via message attachment. https:\/\/hackerone. com\/reports\/899954."},{"key":"e_1_3_2_1_37_1","unstructured":"Rocket.Chat Remote Code Execution via message attachment. https: \/\/haxx.ml\/post\/145508617751\/hacking-mattermost-2-year-of-nodejs-on-the?is_related_post=1. Rocket.Chat Remote Code Execution via message attachment. https: \/\/haxx.ml\/post\/145508617751\/hacking-mattermost-2-year-of-nodejs-on-the?is_related_post=1."},{"key":"e_1_3_2_1_38_1","unstructured":"Simplenote remote code execution. https:\/\/hackerone.com\/reports\/291539. Simplenote remote code execution. https:\/\/hackerone.com\/reports\/291539."},{"key":"e_1_3_2_1_39_1","unstructured":"Skype: A communication tool for free calls and chat. https:\/\/www.skype.com\/en\/. Skype: A communication tool for free calls and chat. https:\/\/www.skype.com\/en\/."},{"key":"e_1_3_2_1_40_1","unstructured":"Slack: A proprietary business communication platform. https:\/\/slack.com\/. Slack: A proprietary business communication platform. https:\/\/slack.com\/."},{"key":"e_1_3_2_1_41_1","unstructured":"Slack remote code execution. https:\/\/hackerone.com\/reports\/783877\/. Slack remote code execution. https:\/\/hackerone.com\/reports\/783877\/."},{"key":"e_1_3_2_1_42_1","unstructured":"Snyk Vulnerability Database. https:\/\/security.snyk.io. Snyk Vulnerability Database. https:\/\/security.snyk.io."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"The State of Vulnerabilities in 2019. https:\/\/www.imperva.com\/blog\/the-state-of- vulnerabilities-in-2019\/. The State of Vulnerabilities in 2019. https:\/\/www.imperva.com\/blog\/the-state-of- vulnerabilities-in-2019\/.","DOI":"10.1016\/S1361-3723(19)30011-9"},{"key":"e_1_3_2_1_44_1","unstructured":"The State of Web Application Vulnerabilities in 2018. https:\/\/www.imperva.com\/ blog\/the-state-of-web-application-vulnerabilities-in-2018\/. The State of Web Application Vulnerabilities in 2018. https:\/\/www.imperva.com\/ blog\/the-state-of-web-application-vulnerabilities-in-2018\/."},{"key":"e_1_3_2_1_45_1","unstructured":"A study of Electron Security. https:\/\/www.blackhat.com\/us-17\/briefings\/schedule\/ #electronegativity-a-study-of-electron-security-7320. A study of Electron Security. https:\/\/www.blackhat.com\/us-17\/briefings\/schedule\/ #electronegativity-a-study-of-electron-security-7320."},{"key":"e_1_3_2_1_46_1","unstructured":"Subverting Electron Apps via Insecure Preload. https:\/\/blog.doyensec.com\/2019\/ 04\/03\/subverting-electron-apps-via-insecure-preload.html. Subverting Electron Apps via Insecure Preload. https:\/\/blog.doyensec.com\/2019\/ 04\/03\/subverting-electron-apps-via-insecure-preload.html."},{"key":"e_1_3_2_1_47_1","unstructured":"The T. J. Watson Libraries for Analysis (WALA) provide static analysis capabilities for Java bytecode and related languages and for JavaScript. https:\/\/github.com\/ wala\/WALA. The T. J. Watson Libraries for Analysis (WALA) provide static analysis capabilities for Java bytecode and related languages and for JavaScript. https:\/\/github.com\/ wala\/WALA."},{"key":"e_1_3_2_1_48_1","unstructured":"Teams: A business communication platform developed by Microsoft. https:\/\/www. microsoft.com\/en-us\/microsoft-teams\/group-chat-software. Teams: A business communication platform developed by Microsoft. https:\/\/www. microsoft.com\/en-us\/microsoft-teams\/group-chat-software."},{"key":"e_1_3_2_1_49_1","unstructured":"V8 Context Stack Description. https:\/\/source.chromium.org\/ chromium\/chromium\/src\/\/main:v8\/src\/objects\/contexts.h;drc= c0fceaa0669b39136c9e780f278e2596d71b4e8a;l=378. V8 Context Stack Description. https:\/\/source.chromium.org\/ chromium\/chromium\/src\/\/main:v8\/src\/objects\/contexts.h;drc= c0fceaa0669b39136c9e780f278e2596d71b4e8a;l=378."},{"key":"e_1_3_2_1_50_1","unstructured":"V8 Zero-cost Async Stack Trace. https:\/\/v8.dev\/docs\/stack-trace-api#async-stack- traces. V8 Zero-cost Async Stack Trace. https:\/\/v8.dev\/docs\/stack-trace-api#async-stack- traces."},{"key":"e_1_3_2_1_51_1","unstructured":"WhatsApp. https:\/\/www.whatsapp.com\/. WhatsApp. https:\/\/www.whatsapp.com\/."},{"key":"e_1_3_2_1_52_1","unstructured":"WhatsApp Arbitrary File Read. https:\/\/www.perimeterx.com\/tech-blog\/2020\/whatsapp-fs-read-vuln-disclosure\/. WhatsApp Arbitrary File Read. https:\/\/www.perimeterx.com\/tech-blog\/2020\/whatsapp-fs-read-vuln-disclosure\/."},{"key":"e_1_3_2_1_53_1","unstructured":"Wordpress remote code execution. https:\/\/hackerone.com\/reports\/301458. Wordpress remote code execution. https:\/\/hackerone.com\/reports\/301458."},{"key":"e_1_3_2_1_54_1","volume-title":"USENIX Security Symposium (USENIX Security 2021)","author":"Ahmadpanah Mohammad M","year":"2021","unstructured":"Mohammad M Ahmadpanah , Daniel Hedin , Musard Balliu , Lars Eric Olsson , and Andrei Sabelfeld . Sandtrap : Securing javascript-driven trigger-action platforms . In USENIX Security Symposium (USENIX Security 2021) , 2021 . Mohammad M Ahmadpanah, Daniel Hedin, Musard Balliu, Lars Eric Olsson, and Andrei Sabelfeld. Sandtrap: Securing javascript-driven trigger-action platforms. In USENIX Security Symposium (USENIX Security 2021), 2021."},{"key":"e_1_3_2_1_55_1","first-page":"787","volume-title":"Wenke Lee. Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System. In Proceedings of the ACM Conference on Computer and Communications Security","author":"Allen Joey","year":"2020","unstructured":"Joey Allen , Zheng Yang , Matthew Landen , Raghav Bhat , Harsh Grover , Andrew Chang , Yang Ji , Roberto Perdisci , and Wenke Lee. Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System. In Proceedings of the ACM Conference on Computer and Communications Security , pages 787 -- 802 . Association for Computing Machinery, 10 2020 . Joey Allen, Zheng Yang, Matthew Landen, Raghav Bhat, Harsh Grover, Andrew Chang, Yang Ji, Roberto Perdisci, and Wenke Lee. Mnemosyne: An Effective and Efficient Postmortem Watering Hole Attack Investigation System. In Proceedings of the ACM Conference on Computer and Communications Security, pages 787--802. Association for Computing Machinery, 10 2020."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243823"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (Security)","author":"Davis James C","year":"2018","unstructured":"James C Davis , Eric R Williamson , and Dongyoon Lee . A Sense of Time for JavaScript and Node.js: First-class Timeouts as a Cure for Event Handler Poisoning . In Proceedings of the 27th USENIX Security Symposium (Security) , Baltimore, MD , August 2018 . James C Davis, Eric R Williamson, and Dongyoon Lee. A Sense of Time for JavaScript and Node.js: First-class Timeouts as a Cure for Event Handler Poisoning. In Proceedings of the 27th USENIX Security Symposium (Security), Baltimore, MD, August 2018."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2012.6363769"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00022"},{"key":"e_1_3_2_1_60_1","volume-title":"Ben Stock. HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS)","author":"Fass Aurore","year":"2019","unstructured":"Aurore Fass , Michael Backes , and Ben Stock. HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS) , London, UK , November 2019 . Aurore Fass, Michael Backes, and Ben Stock. HideNoSeek: Camouflaging Malicious JavaScript in Benign ASTs. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359813"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_14"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484745"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486887"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23104"},{"key":"e_1_3_2_1_66_1","volume-title":"30th USENIX Security Symposium (USENIX Security 2021","author":"Khodayari Soheil","year":"2021","unstructured":"Soheil Khodayari and Giancarlo Pellegrino . Jaw : Studying client-side csrf with hybrid property graphs and declarative traversals . In 30th USENIX Security Symposium (USENIX Security 2021 ). Usenix , 2021 . Soheil Khodayari and Giancarlo Pellegrino. Jaw: Studying client-side csrf with hybrid property graphs and declarative traversals. In 30th USENIX Security Symposium (USENIX Security 2021). Usenix, 2021."},{"key":"e_1_3_2_1_67_1","volume-title":"Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918","author":"Lauinger Tobias","year":"2018","unstructured":"Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , and Engin Kirda . Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918 , 2018 . Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918, 2018."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468542"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_71_1","unstructured":"OpenJS Foundation. About Node.js. https:\/\/nodejs.org\/en\/about\/. OpenJS Foundation. About Node.js. https:\/\/nodejs.org\/en\/about\/."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423343"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00039"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484780"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419394.3423616"},{"key":"e_1_3_2_1_76_1","first-page":"361","volume-title":"27th {USENIX} Security Symposium ({USENIX} Security 18)","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel . Freezing the web: A study of redos vulnerabilities in javascript-based web servers . In 27th {USENIX} Security Symposium ({USENIX} Security 18) , pages 361 -- 376 , 2018 . Cristian-Alexandru Staicu and Michael Pradel. Freezing the web: A study of redos vulnerabilities in javascript-based web servers. In 27th {USENIX} Security Symposium ({USENIX} Security 18), pages 361--376, 2018."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23071"},{"key":"e_1_3_2_1_78_1","volume-title":"Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In Proceedings of the 2019 Annual Network and Distributed System Security Symposium (NDSS)","author":"Steffens Marius","year":"2019","unstructured":"Marius Steffens , Christian Rossow , Martin Johns , and Ben Stock . Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In Proceedings of the 2019 Annual Network and Distributed System Security Symposium (NDSS) , San Diego, CA , February 2019 . Marius Steffens, Christian Rossow, Martin Johns, and Ben Stock. Don't Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In Proceedings of the 2019 Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2019."},{"key":"e_1_3_2_1_79_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (Security)","author":"Stock Ben","year":"2014","unstructured":"Ben Stock , Sebastian Lekies , Tobias Mueller , Patrick Spiegel , and Martin Johns . Precise Client-side Protection against DOM-based Cross-site Scripting . In Proceedings of the 23rd USENIX Security Symposium (Security) , San Diego, CA , August 2014 . Ben Stock, Sebastian Lekies, Tobias Mueller, Patrick Spiegel, and Martin Johns. Precise Client-side Protection against DOM-based Cross-site Scripting. In Proceedings of the 23rd USENIX Security Symposium (Security), San Diego, CA, August 2014."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23131"},{"key":"e_1_3_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484535"},{"key":"e_1_3_2_1_82_1","first-page":"2951","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Xiao Feng","year":"2021","unstructured":"Feng Xiao , Jianwei Huang , Yichang Xiong , Guangliang Yang , Hong Hu , Guofei Gu , and Wenke Lee . Abusing hidden properties to attack the node.js ecosystem . In 30th USENIX Security Symposium (USENIX Security 21) , pages 2951 -- 2968 . USENIX Association , August 2021 . Feng Xiao, Jianwei Huang, Yichang Xiong, Guangliang Yang, Hong Hu, Guofei Gu, and Wenke Lee. Abusing hidden properties to attack the node.js ecosystem. In 30th USENIX Security Symposium (USENIX Security 21), pages 2951--2968. USENIX Association, August 2021."}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559340","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3559340","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,7]],"date-time":"2023-11-07T12:42:15Z","timestamp":1699360935000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3559340"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":82,"alternative-id":["10.1145\/3548606.3559340","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3559340","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}