Relative Path Overwrite Attack


Relative Path Overwrite (RPO) is a new attack vector discovered by Gareth Heyes, a renowned web application researcher. It exploits the way browsers interpret relative paths when importing CSS files into a document, which is why the attack is also referred to as Path Relative Stylesheet Import (PRSSI). If you are not familiar with relative and absolute paths in CSS imports, here is a quick look at both:

Relative path import:
<link href="resource/rpo.css" rel="stylesheet" type="text/css"/>
Absolute path import:
<link href="https://sandbox.prakharprasd.com/resource/rpo.css" rel="stylesheet" type="text/css"/>

Here, the rpo.css file contains the following:

h1 {
    font-family: monospace;
    color: white;
    font-size: 50px;
}
body {
    background-color: black;
}

An absolute path is a full and complete reference to the CSS file: the URL starts with the protocol handler and ends with the file. With a relative path, only the directory or file information is given, and the browser looks for the file starting from the same directory as the current document.

For example, if the document was loaded at https://sandbox.test.com/rpo/ then the CSS will be loaded from https://sandbox.test.com/rpo/resource/rpo.css in the case of the relative path.
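
The path resolution described above, as an added example that is not part of the original article: it resolves the article's relative import against two document URLs and flags stylesheet links whose target depends on the document path. The sample markup, the second document URL and the helper names are constructed for illustration.

```javascript
// Added example (not from the original article).
// Constructed sample page; the first link mirrors the relative import shown above.
const SAMPLE_HTML = `
<link href="resource/rpo.css" rel="stylesheet" type="text/css"/>
<link href="https://sandbox.test.com/rpo/resource/rpo.css" rel="stylesheet" type="text/css"/>
<link href="/rpo/resource/rpo.css" rel="stylesheet" type="text/css"/>
<link href="favicon.ico" rel="icon"/>
`;

// Classify an href by how much of the final URL it pins down.
function classifyHref(href) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(href)) return "absolute";
  if (href.startsWith("//")) return "scheme-relative";
  if (href.startsWith("/")) return "root-relative";
  return "path-relative"; // resolved against the document's directory
}

// Resolve an href against a document URL with the WHATWG URL parser,
// the same algorithm browsers apply to <link href>.
function resolveStylesheet(href, documentUrl) {
  return new URL(href, documentUrl).href;
}

// Hypothetical audit helper: list stylesheet links whose target
// changes when the document path changes. It does not handle <base>.
function findPathRelativeStylesheets(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    const rel = (tag.match(/\brel\s*=\s*["']([^"']*)["']/i) || [])[1] || "";
    const href = (tag.match(/\bhref\s*=\s*["']([^"']*)["']/i) || [])[1];
    if (!href || !rel.toLowerCase().split(/\s+/).includes("stylesheet")) continue;
    if (classifyHref(href) === "path-relative") findings.push(href);
  }
  return findings;
}

// Same markup served under two document URLs (the second one is constructed):
// the path-relative import follows the document path, the others do not.
const DOCUMENT_URLS = [
  "https://sandbox.test.com/rpo/",
  "https://sandbox.test.com/rpo/extra/",
];

for (const href of findPathRelativeStylesheets(SAMPLE_HTML)) {
  for (const doc of DOCUMENT_URLS) {
    console.log(`${doc} + ${href} -> ${resolveStylesheet(href, doc)}`);
  }
}
```

Only the path-relative link is reported; the absolute and root-relative imports resolve to the same stylesheet URL regardless of the document path.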

As with many other vulnerabilities, the risks involved vary from case to case. If the affected page includes any data under the attacker’s control, it’s possible to inject CSS, which in turn enables the attacker to fool the victim into carrying out undesired actions.

If it’s possible to get JavaScript within CSS, it’s also possible to turn this into an XSS. Read more about XSS here.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
