full screen background image

Relative Path Overwrite Attack

Relative Path Overwrite (RPO) is a new attack vector discovered by Gareth Heyes, a renowned web application researcher. Relative Path Overwrite exploits the way browsers interpret relative paths while importing CSS files into a document, hence this attack is also referred to as Path Relative Stylesheet Import (PRSSI). If you’re not aware of relative and absolute path URL CSS import, then let’s have a quick look at:

Relative path import:
<link href=”resource/rpo.css” rel=”stylesheet” type=”text/css”/>
Absolute path import:
<link href=”https://sandbox.prakharprasd.com /resource/rpo.css”
rel=”stylesheet” type=”text/css”/>

Here, the rpo.css file contains the following:

h1 {
font-family: monospace;
color: white;
font-size: 50px;
}
body {
background-color: black;
}

In the absolute path, we see a full and complete reference to the CSS file, the URL starts with the protocol handler and ends with the file. However, in the relative path, only the directory or file information is sufficient, the browser looks for the file in the same path directory as the current document.

For example, if the document was loaded at https://sandbox.test. com/rpo/ then the CSS will be loaded from https://sandbox.test.com/rpo/resource/rpo.css in the case of the relative path.

As with many other vulnerabilities, the risks involved vary from case to case. If the affected page includes any data under the attacker’s control, it’s possible to inject CSS, which in turn enables the attacker to fool the victim into carrying out undesired actions.

 

 

Πηγή : latesthackingnews



Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat


Leave a Reply

Your email address will not be published. Required fields are marked *