Large-Scale Analysis of Style Injection by Relative Path Overwrite
2018
Proceedings of the 2018 World Wide Web Conference on World Wide Web - WWW '18
Relative Path Overwrite (RPO) is a recent technique to inject style directives into sites even when no style sink or markup injection vulnerability is present. It exploits differences in how browsers and web servers interpret relative paths (i.e., path confusion) to make an HTML page reference itself as a stylesheet; a simple text injection vulnerability along with browsers' leniency in parsing CSS resources results in an attacker's ability to inject style directives that will be interpreted by
doi:10.1145/3178876.3186090
dblp:conf/www/ArshadMLCKR18
fatcat:ul6grhiscnampjwiopba6kffse