9月7日 | 英语翻译 | 不要啊，又堆起来了

前言：在自习室果然效率30%，在大教室效率59%，急速上升，并且网上差点药，吃点药就很有精神了。

随机翻译：Abstract

FUZZORIGIN: Detecting UXSS vulnerabilities in Browsersthrough Origin Fuzzing

Universal cross-site scripting (UXSS) is a browser vulnerabil-ity, making a vulnerable browser execute an attacker’s scripton any web pages loaded by the browser. UXSS is considereda far more severe vulnerability than well-studied cross-sitescripting (XSS). This is because the impact of UXSS is notlimited to a web application, but it impacts each and everyweb application as long as a victim user runs a vulnerablebrowser. We find that UXSS vulnerabilities are difficult tofind, especially through fuzzing, for the following two rea-sons. First, it is challenging to detect UXSS because it is asemantic vulnerability. In order to detect UXSS, one needs tounderstand the complex interaction semantics between webpages. Second, it is difficult to generate HTML inputs thattrigger UXSS since one needs to drive the browser to performcomplex interactions and navigations。

通用跨站脚本(UXSS)是一种浏览器漏洞，它使有漏洞的浏览器在其加载的任何网页上都可以执行攻击者的脚本。UXSS被认为是比经过充分研究的跨站脚本(XSS)更严重的漏洞。这是因为UXSS的影响并不局限于一个web应用程序，而是只要受害者用户运行有漏洞的浏览器，它就会影响每一个web应用程序。我们发现UXSS漏洞很难被检测，尤其是通过模糊分析，原因有二。首先，UXSS是一种语义漏洞，检测起来很有挑战性。为了检测UXSS，需要了解网页之间复杂的交互语义。其次，很难生成触发UXSS的HTML输入，因为需要主动使浏览器执行复杂的交互和导航。