Help Us Identify UFUs: (Em)Powering Vulnerability Scanners with FUEL
Nowadays, many websites rely on user-generated content, e.g., by allowing users to upload images, videos, documents, or other files. If not handled carefully, Unrestricted File Uploads (UFUs) may appear and become a serious security issue.
Our academic results show that some UFU types still fly under the state-of-the-art vulnerability scanners' radars, leaving websites at risk of severe vulnerabilities, such as Remote Code Execution or Cross-Site Scripting.
Thus, we propose a File Upload Exploitation Lab (FUEL) to (em)power vulnerability scanners to become better at identifying UFUs and invite the community to reFUEL.