The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11640471 B1

Date of Patent:

May. 02, 2023

Filed:

May. 04, 2018

Detecting injection vulnerabilities of client-side templating systems

Applicant:

Google Llc, Mountain View, CA (US);

Inventors:

Sebastian Lekies, Zurich, CH;

Nicolas Golubovic, Zurich, CH;

Assignee:

Google LLC, Mountain View, CA (US);

Attorneys:

Honigman LLP

Brett A. Krueger

Primary Examiner:

Michael Pyzocha

Int. Cl.

CPC ...

H04L 9/40 (2022.01); G06F 21/57 (2013.01); G06F 9/54 (2006.01);

U.S. Cl.

CPC ...

H04L 63/1466 (2013.01); G06F 9/547 (2013.01); G06F 21/577 (2013.01); H04L 63/1433 (2013.01); G06F 2221/033 (2013.01);

Abstract

A method () for detecting an injection vulnerability of a client-side templating system includes receiving a web page (), determining that the web page implements an interpreted programming language framework () with client-side templating, and extracting a version () of the interpreted programming language framework and an interpolation sign () from the web page. The method also includes generating an attack payload () for at least one injection vulnerability context () of the web page based on the version of the interpreted programming language framework and the interpolation sign, instrumenting the web page to inject the attack payload into the at least one injection vulnerability context of the web page, and executing the instrumented web page.

Find Patent Forward Citations