A comprehensive method to find RPO trajectory and incentive scheme for promotion of renewable energy in India with study of impact of RPO on tariff

Shereef, R. M.; Khaparde, S.A.

doi:10.1016/j.enpol.2013.06.039

Cited by 4 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first account of RPO is attributed to a blog post by Gareth Heyes [50], introducing selfreferencing a PHP script with server-side URL rewriting. Furthermore, the post notes that certain versions of Internet Explorer allow JavaScript execution from within a CSS context in the Compatibility View mode [85], escalating style injection to XSS [128].…”

Section: Relative Path Overwritementioning

confidence: 99%

“…This semantic disconnect between web browsers and web servers in interpreting relative paths (path confusion) could be exploited by Relative Path Overwrite (RPO). When an injection vulnerability is present in a page, an attacker could manipulate the URL such that the web page references itself as the stylesheet, which turns a simple text injection vulnerability into a style sink [50]. The general threat model of RPO resembles that of Cross-Site Scripting (XSS).…”

Section: Chapter 1 Introductionmentioning

confidence: 99%

“…There are many existing techniques of how style directives could be injected into a site [47,53]. A relatively recent class of attacks is Relative Path Overwrite (RPO), first proposed in a blog post by Gareth Heyes [50] in 2014. These attacks exploit the semantic disconnect between web browsers and web servers in interpreting relative paths (path confusion).…”

Section: Introductionmentioning

confidence: 99%

“…For example, an attacker could manipulate the URL to make the page include user-generated content hosted on the same domain [116]. When an injection vulnerability is present in a page, an attacker could manipulate the URL such that the web page references itself as the stylesheet, which turns a simple text injection vulnerability into a style sink [50]. Among these attack instantiations, the latter variant has preconditions that are comparatively frequently met by sites.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Understanding and mitigating the security risks of content inclusion in web browsers

Arshad¹

View full text Add to dashboard Cite

Thanks to the wide range of features o ered by web browsers, modern websites include various types of content such as JavaScript and Cascading Style Sheets (CSS) in order to create interactive user interfaces. Browser vendors also provided extensions to enhance web browsers with additional useful capabilities that are not necessarily maintained or supported by default.However, included content can introduce security risks to users of these websites, unbeknownst to both website operators and users. In addition, the browser's interpretation of the resource URLs may be very di erent from how the web server resolves the URL to determine which resource should be returned to the browser. The URL may not correspond to an actual server-side file system structure at all, or the web server may internally rewrite parts of the URL. This semantic disconnect between web browsers and web servers in interpreting relative paths (path confusion) could be exploited by Relative Path Overwrite (RPO). On the other hand, even tough extensions provide useful additional functionality for web browsers, I would like to thank my advisors, William Robertson and Engin Kirda, for their support and valuable insights during my Ph.D. career. I am also thankful for working alongside my brilliant colleagues from whom I learned a lot:

show abstract

Section: Relative Path Overwritementioning

confidence: 99%

Section: Chapter 1 Introductionmentioning

confidence: 99%