Right to Left Override
Right to Left Override
Overview of the Vulnerability
A Right to Left Override (RLO) character is a unicode character, denoted as U+202E, in systems that can understand unicode. Whenever an RLO character is rendered, all unicode text afterwards will be reversed. An RLO attack in the application allows a malicious attacker to spoof content in a way where it can potentially socially engineer users into disclosing data such as usernames, passwords or other sources of sensitive information.
A successful exploit of an RLO character can trick users to downloading or clicking on files they otherwise would not. These files can include malware or an executable that requires user interaction to successfully infect systems.
Business Impact
This vulnerability can lead to reputational damage and indirect financial loss to the company through the impact to customers’ trust.
Steps to Reproduce
Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
Use a browser to navigate to: {{URL}}
Perform {{action}} and capture the request in the HTTP interception proxy
Append/add an RLO unicode character to: {{parameter}}
Forward or replay the following request to the endpoint:
{{request}}Proof of Concept (PoC)
The screenshot(s) below demonstrates the RLO:
{{screenshot}}
Recommendation(s)
There is no single technique to protect from content spoofing. However, the following best practices should be adhered to:
Validate all input data, including that which is reflected by a request parameter Refrain from passing HTML data via request parameters. Properly encode the HTML before passing it through a request parameter if there is no other way. Refrain from displaying messages via request parameter. It is best practice to use temporary sessions instead.
For more information, please see:
Last updated