Relative Path Overwrite
Relative Path Overwrite (RPO) is a new attack vector discovered by Gareth Heyes, a renowned web application researcher. RPO exploits the way browsers interpret relative paths while importing CSS files into a document; hence this attack is also referred to as Path Relative Stylesheet Import (PRSSI). If you're not familiar with relative and absolute path CSS imports, here is a quick look at both:
Relative path import:
<link href="resource/rpo.css" rel="stylesheet" type="text/css"/>
Absolute path import:
<link href="https://sandbox.prakharprasd.com/resource/rpo.css" rel="stylesheet" type="text/css"/>
Here, the rpo.css file contains the following:
h1 {
    font-family: monospace;
    color: white;
    font-size: 50px;
}
body {
    background-color: black;
}
In the absolute path, we see a full and complete reference to the CSS file; the URL starts with the protocol handler and ends with the file. However, in the relative path, only the directory or file...
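To make the difference between the two imports concrete, the following added example (not code from the original text) audits a page's stylesheet links, classifies each href, and resolves it against the document URL the way a browser does. The function names and the two document URLs are assumptions made for illustration; only the two `<link>` tags come from the text above.

```javascript
// Constructed sample markup: the two imports shown above.
const SAMPLE_HTML = `
<link href="resource/rpo.css" rel="stylesheet" type="text/css"/>
<link href="https://sandbox.prakharprasd.com/resource/rpo.css" rel="stylesheet" type="text/css"/>
`;

// Collect href values of <link rel="stylesheet"> tags. A regex scan is enough
// for auditing static markup; it is not a full HTML parser.
function stylesheetHrefs(html) {
  const hrefs = [];
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    if (!/\brel\s*=\s*["']?stylesheet\b/i.test(tag)) continue;
    const m = tag.match(/\bhref\s*=\s*(?:"([^"]*)"|'([^']*)')/i);
    if (m) hrefs.push(m[1] ?? m[2]);
  }
  return hrefs;
}

// Classify an href by how much of the final URL it pins down by itself.
function classify(href) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(href)) return "absolute";
  if (href.startsWith("//")) return "protocol-relative";
  if (href.startsWith("/")) return "root-relative";
  return "path-relative";
}

// Resolve every stylesheet href against the URL of the containing document.
function audit(html, documentUrl) {
  return stylesheetHrefs(html).map((href) => ({
    href,
    kind: classify(href),
    resolved: new URL(href, documentUrl).href,
  }));
}

// Report hrefs whose resolved target changes when the same markup is served
// under two different document URLs; these are the imports worth reviewing.
function unstableImports(html, urlA, urlB) {
  const b = audit(html, urlB);
  return audit(html, urlA).filter((a, i) => a.resolved !== b[i].resolved).map((a) => a.href);
}

// Constructed document URLs (hypothetical paths on the host used above).
const PAGE_A = "https://sandbox.prakharprasd.com/";
const PAGE_B = "https://sandbox.prakharprasd.com/blog/post/";
console.log(audit(SAMPLE_HTML, PAGE_B));
console.log(unstableImports(SAMPLE_HTML, PAGE_A, PAGE_B));
```

Only the path-relative import is reported, because its target depends on the path of the page that includes it, while the absolute import resolves to the same file from either page.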