WebApp Sec mailing list archives

Whitepaper: RPO exploitation techniques


From: Takeshi Terada <mbsdtest01 () gmail com>
Date: Wed, 1 Jul 2015 12:23:28 +0900

Dear all,

MBSD released a whitepaper on RPO (Relative Path Overwrite) attack techniques.
http://www.mbsd.jp/Whitepaper/rpo.pdf

TOC
1.    Introduction
2.    Path manipulation techniques
2.1.    Loading another file on IIS/ASP.NET
2.2.    Loading another file on Safari/Firefox
2.3.    Loading another file on WebLogic/IE
2.4.    Loading file with query string on WebLogic+Apache
2.5.    Attack possibility in other environments
3.    Forcing IE's CSS expression via CV
4.    Non-stylesheet RPO attacks
5.    A path handling bug in CakePHP
6.    Conclusion

As shown above, it includes several miscellaneous techniques
that can increase the exploitability of RPO.

Best regards,

-- 
Takeshi Terada
Mitsui Bussan Secure Directions, Inc.
http://www.mbsd.jp/


