A fuzzing framework for automatically detecting and exploiting template escape bugs in template engines.
TEFuzz is a specialized fuzzing framework designed to automatically detect and exploit template escape bugs in template engines, which can lead to remote code execution vulnerabilities. It was developed for research presented at USENIX Security '23 and provides a systematic approach to finding security flaws in template sandboxes.
TEFuzz adopts a tailored, context-aware fuzzing approach to uncover complex template escape vulnerabilities that traditional fuzzing might miss, emphasizing automation in both detection and exploitation.