Racedb: Detecting Request Race Vulnerabilities in Database-Backed Web Applications

Request race vulnerabilities in database-backed web applications pose a significant security threat. These vulnera-bilities can lead to data inconsistencies, unexpected behavior, and even unauthorized access. Existing automated detection techniques often fall short due to the complexity of race conditions and the intricate interplay between application logic and database interactions. This paper introduces Racedb, a novel system that tackles these challenges through two key innovations. Application-aware Request Race Detection (ARD) provides a comprehensive analysis of data dependencies, considering not only the database query but also the application code. This allows RacedB to identify subtle race conditions that might be missed by existing approaches. Furthermore, Racedbemploys an automated verification technique using replay-based execution. This technique efficiently isolates true races from false positives and generates definitive exploits for verified vulnerabilities. We evaluated Racedb on a dataset of 14 real-world PHP web applications. The results demonstrate the effectiveness of Racedb compared to existing tools. Racedb achieved a superior detection rate, identifying 21 known vul-nerabilities and discovering 18 new vulnerabilities, significantly exceeding the performance of existing tools while also achieving a lower rate of false positives. Finally, we responsibly reported all newly discovered vulnerabilities to the corresponding developers, and 7 of them have been assigned CVE IDs.