ASE2025

Verification and Classification of Exploits for Node.js Vulnerabilities

Sungmin Park

Abstract

Vulnerabilities in the Node.js ecosystem pose serious security threats. Generating exploits for such vulnerabilities is a critical and essential step for fixing the vulnerabilities and understanding attack vectors. To address this need, prior work has proposed a range of methods, including static analysis approaches, dynamic analysis approaches, and LLM-based techniques. However, most studies verify only at the end of execution whether the expected effect of each vulnerability has occurred. This approach does not confirm whether the exploit actually reaches the target vulnerable sink. As a result, it may fail to exercise the intended vulnerability or may inadvertently trigger a different sink. In this study, we propose a method for validating and classifying exploits related to Node.js vulnerabilities. Our method instruments sink APIs and related objects prior to execution so that, when a sink is triggered at runtime, the sink API call and its arguments are captured. This lets us verify that an exploit reaches the intended sink and classify exploits by the point at which the sink is triggered.