Large-Scale Analysis of Style Injection by Relative Path Overwrite

@inproceedings{Arshad2018LargeScaleAO,
  title={Large-Scale Analysis of Style Injection by Relative Path Overwrite},
  author={Sajjad Arshad and Seyed Ali Mirheidari and Tobias Lauinger and Bruno Crispo and Engin Kirda and William K. Robertson},
  booktitle={WWW},
  year={2018}
}
Relative Path Overwrite (RPO) is a recent technique to inject style directives into websites even when no style sink or markup injection vulnerability is present. It exploits differences in how browsers and web servers interpret relative paths (i.e., path confusion) to make an HTML page reference itself as a stylesheet; a simple text injection vulnerability along with browsers’ leniency in parsing CSS resources results in an attacker’s ability to inject style directives that will be interpreted…
