Web Application Security
Whitepaper: RPO exploitation techniques Jul 01 2015 03:23AM
Takeshi Terada (mbsdtest01 gmail com)
Dear all,

MBSD released a whitepaper on RPO (Relative Path Overwrite) attack techniques.

1. Introduction
2. Path manipulation techniques
2.1. Loading another file on IIS/ASP.NET
2.2. Loading another file on Safari/Firefox
2.3. Loading another file on WebLogic/IE
2.4. Loading file with query string on WebLogic+Apache
2.5. Attack possibility in other environments
3. Forcing IE's CSS expression via CV
4. Non-stylesheet RPO attacks
5. A path handling bug in CakePHP
6. Conclusion

As shown above, it includes several miscellaneous techniques
that can increase the exploitability of RPO.

Best regards,

Takeshi Terada
Mitsui Bussan Secure Directions, Inc.
