Skip to content

Relative Path Overwrite Vulnerability Scanner

License

Notifications You must be signed in to change notification settings

CryptoGenNepal/RPOscanner

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 

Repository files navigation

RPOscanner By @TheNittam

Relative Path Overwrite Vulnerability Scanner - Version 1

Follow : @CryptoGenNepal

python GitHub license platform

RPO Scanner

Ever heard about RPO Attack?

If not here is the video about Relative Path Overwrite (RPO) Attack. It's a lesser-known web-based vulnerability yet a very cool vulnerability. File descriptor was rewarded with 6000$ for his sweet exploit on this from Google. I have explained about this attack along with the mitigation techniques in our own language (NEPALI Love). It might be fruitful for not only security enthusiastic but also for developers.

Reference

Title Researcher Link
RPO Gadget @filedescriptor https://blog.innerht.ml/rpo-gadgets/
Detecting And Exploiting PRSSI James Kettle https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities

How to use?

python3 rpo.py <target_domain>

Required Module

pip3 install requests

About

Relative Path Overwrite Vulnerability Scanner

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%