We propose PHPIL, a fuzzing framework to find potential bugs and vulnerabilities in the PHP interpreter. Unlike previous work, PHPIL generates both syntactically and semantically correct PHP code samples, using an intermediate language composed of custom opcodes. The code generator, governed by rules ensuring PHP syntax and conventions, drives the mutator to perform mutations on the generated intermediate language. These mutated samples are then lifted to PHP code, executed, and monitored for unexpected behavior; a report is generated if any anomaly is detected.
Vignesh Rao, Tarunkant Gupta, Saastha Vasan, LR Deepthi
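A toy model of the pipeline the abstract describes, added here as an example and not PHPIL's own code: a typed IL program is checked against generator rules, mutated, re-checked so the mutant stays semantically valid, and lifted to PHP source that the interpreter could run under a monitor. The opcode names, the builtin rule table and the single mutation are assumptions.

```python
import random
from collections import namedtuple

Instr = namedtuple("Instr", "op args out")  # op: LOAD_INT|LOAD_STR|BIN_OP|CALL_BUILTIN; out: var index
# Assumed rule table: (argument type, result type) of a few PHP builtins.
BUILTINS = {"strlen": ("str", "int"), "strrev": ("str", "str"), "abs": ("int", "int")}

def check(prog):
    """Static type of every IL variable; raises ValueError if a generator rule is broken."""
    types = {}
    for ins in prog:
        if ins.op in ("LOAD_INT", "LOAD_STR"):
            types[ins.out] = "int" if ins.op == "LOAD_INT" else "str"
        elif ins.op == "BIN_OP":  # args = (operator, left var, right var)
            if (types[ins.args[1]], types[ins.args[2]]) != ("int", "int"):
                raise ValueError("BIN_OP needs two int operands")
            types[ins.out] = "int"
        else:  # CALL_BUILTIN, args = (builtin name, argument var)
            want, got = BUILTINS[ins.args[0]]
            if types[ins.args[1]] != want:
                raise ValueError(f"{ins.args[0]} expects a {want} argument")
            types[ins.out] = got
    return types

def mutate(prog, seed=0):
    """Swap one builtin call for another taking the same argument type, then re-check."""
    rng = random.Random(seed)
    i = rng.choice([k for k, ins in enumerate(prog) if ins.op == "CALL_BUILTIN"])
    name, arg = prog[i].args
    alts = [n for n, sig in BUILTINS.items() if sig[0] == BUILTINS[name][0] and n != name]
    repl = Instr("CALL_BUILTIN", (rng.choice(alts or [name]), arg), prog[i].out)
    new = prog[:i] + [repl] + prog[i + 1:]
    try:
        check(new)  # the rules govern the mutator too: an ill-typed mutant is rejected
    except ValueError:
        return prog
    return new

# PHP statement template per opcode; {v} is the defined variable, {a} the args tuple.
PHP = {"LOAD_INT": "{v} = {a[0]};", "LOAD_STR": "{v} = '{a[0]}';",
       "BIN_OP": "{v} = $v{a[1]} {a[0]} $v{a[2]};", "CALL_BUILTIN": "{v} = {a[0]}($v{a[1]});"}
def lift(prog):
    """Lower the IL to PHP source, one statement per instruction, then dump every variable."""
    body = [PHP[ins.op].format(v=f"$v{ins.out}", a=ins.args) for ins in prog]
    dump = "var_dump(" + ", ".join(f"$v{ins.out}" for ins in prog) + ");"
    return "\n".join(["<?php", *body, dump])

# Constructed sample (quote-free string literal): a string, its length, 7, and their product.
SAMPLE = [Instr("LOAD_STR", ("fuzz",), 0), Instr("CALL_BUILTIN", ("strlen", 0), 1),
          Instr("LOAD_INT", (7,), 2), Instr("BIN_OP", ("*", 1, 2), 3)]
```

Replacing `strlen` with `strrev` in `SAMPLE` is rejected because the product would then multiply a string, whereas the same swap on a program that never reuses the result is accepted; `lift(SAMPLE)` yields a runnable script whose `var_dump` output a harness would compare against expectations.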