Neurohazard
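Evening clouds and a misty moon, poring over the classics until my hair turns white; of all the myriad things in the universe, thus have I heard.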

Relative Path Overwrite (RPO)

wpadmin~April 13, 2019 /InfoSec

Exploiting RPO

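Exploiting RPO usually requires that the attacker control some uploaded content. The uploaded content is usually JS code. The end result can be similar to stored XSS.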
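
As an added example (not from the original post), the following audit sketch shows which script references on a page depend on the request path, which is the property RPO relies on: a path-relative reference resolves to a different file when the same page is served under a different URL. The HTML, the `site.example` URLs and the function names are all constructed for illustration.

```javascript
// Added example: audit a page's script references for RPO exposure.
// The HTML and URLs below are constructed sample data, not from a real site.

// Only path-relative references depend on the path of the requesting page.
function isPathRelative(ref) {
  if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(ref)) return false; // has a scheme
  if (ref.startsWith('/')) return false; // root-relative or protocol-relative
  return ref.length > 0;
}

// Extract src attributes of <script> tags (regex scan, enough for an audit sketch).
function scriptSources(html) {
  const out = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*(["'])(.*?)\1/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[2]);
  return out;
}

// Compare where a browser resolves each reference when the page is requested
// under its canonical URL and under a variant URL that returns the same page.
function auditRpo(html, canonicalUrl, variantUrl) {
  return scriptSources(html).map((ref) => {
    const canonical = new URL(ref, canonicalUrl).href;
    const variant = new URL(ref, variantUrl).href;
    return { ref, pathRelative: isPathRelative(ref), canonical, variant,
             exposed: canonical !== variant };
  });
}

const sampleHtml = `
<html><head>
<script src="js/app.js"></script>
<script src="/static/lib.js"></script>
<script src="https://cdn.example.org/x.js"></script>
</head></html>`;

const report = auditRpo(
  sampleHtml,
  'https://site.example/blog/index.php',
  'https://site.example/blog/index.php/extra/'
);
for (const r of report) {
  console.log(`${r.exposed ? 'EXPOSED' : 'ok     '} ${r.ref} -> ${r.variant}`);
}
```

References reported as exposed stop depending on the request path once they are rewritten as root-relative or absolute URLs.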

References

A challenge from the 2018 Qiangwang Cup (强网杯) CTF

Relative-path attack technique (Relative Path Overwrite, RPO)
https://blog.gslin.org/archives/2018/05/30/8344/%E7%9B%B8%E5%B0%8D%E8%B7%AF%E5%BE%91%E7%9A%84%E6%94%BB%E6%93%8A%E6%96%B9%E5%BC%8F-relative-path-overwite%EF%BC%8Crpo/

Large-scale analysis of style injection by relative path overwrite
https://blog.acolyer.org/2018/05/28/large-scale-analysis-of-style-injection-by-relative-path-overwrite/

RPO Gadgets
https://blog.innerht.ml/rpo-gadgets/
