Large-Scale Analysis of Style Injection by Relative Path Overwrite.

Authors: Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda

DOI: 10.1145/3178876.3186090

Abstract: Relative Path Overwrite (RPO) is a recent technique to inject style directives into sites even when no style sink or markup injection vulnerability is present. It exploits differences in how browsers and web servers interpret relative paths (i.e., path confusion) to make an HTML page reference itself as a stylesheet; a simple text injection vulnerability along with browsers' leniency in parsing CSS resources results in an attacker's ability to inject style directives that will be interpreted by the browser. Even though style injection may appear a less serious threat than script injection, it has been shown that it enables a range of attacks, including secret exfiltration. In this paper, we present the first large-scale study of the Web to measure the prevalence and significance of style injection using RPO. Our work shows that around 9% of the sites in the Alexa Top 10,000 contain at least one vulnerable page, out of which more than one third can be exploited. We analyze in detail various impediments to successful exploitation, and make recommendations for remediation. In contrast to script injection, relatively simple countermeasures exist to mitigate style injection. However, there appears to be little awareness of this attack vector, as evidenced by a range of popular Content Management Systems (CMSes) that we found to be exploitable.
