Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Are you content with our current attacks on Con...

Avatar for GMO Flatt Security GMO Flatt Security
August 05, 2024
2
390

Are you content with our current attacks on Content-Type?

A presentation for BSides Las Vegas 2024.

Avatar for GMO Flatt Security

GMO Flatt Security

August 05, 2024
Tweet

More Decks by GMO Flatt Security

See All by GMO Flatt Security
診断AIエージェントによるセキュリティの未来 – 著名OSS向け0-dayリサーチを例に
Avatar for GMO Flatt Security flatt_security
2
970
セキュリティ診断AIエージェント「Takumi」の雇用によって実現する開発生産性の向上
Avatar for GMO Flatt Security flatt_security
0
25
AIエージェントの「作業場」としてのサンドボックス技術
Avatar for GMO Flatt Security flatt_security
1
20
セキュリティ診断AIエージェント Takumi がもたらす変化 - 著名OSS 向け0-dayリサーチを例に
Avatar for GMO Flatt Security flatt_security
0
61
「攻め」と「守り」で理解する PHP アプリケーション
Avatar for GMO Flatt Security flatt_security
1
310
セキュリティ視点からみる生成AIアプリケーションとMCP ~ 脅威とリスク、認可・権限 ~
Avatar for GMO Flatt Security flatt_security
5
3.3k
脅威をモデリングしてMCPのセキュリティ対策を考えよう
Avatar for GMO Flatt Security flatt_security
6
2.8k
利用者目線で考える、MCPを安全に使うために
Avatar for GMO Flatt Security flatt_security
6
2.5k
アプリケーション固有の「ロジックの脆弱性」を防ぐ開発者のためのセキュリティ観点
Avatar for GMO Flatt Security flatt_security
43
21k

Featured

See All Featured
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
31
2.2k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
179
9.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
161
15k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
43
7.4k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
56
5.7k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7.1k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
8
550
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
337
57k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1.1k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
86
4.8k

Transcript

  1. "SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF  B[BSB !B@[BSB@O FJ !FJ  'MBUU4FDVSJUZJOD

  2. 6OFYQFDUFEQBUIGSPN)551SFTQPOTF  VOFYQFDUFEBUUBDLQBUI

  3. 4FMGJOUSPEVDUJPOFJ  &JKJ.PSJFJ 9!FJ  'MBUU4FDVSJUZJOD .VTDMF#SBJO

  4. /PSJIJEF4BJUPB[BSB 9!B@[BSB@O  'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB  IUUQTNJTDB[BSBKQ3&"%.&

  5. 5PQJDT 

  6. 8IBUJT$POUFOU5ZQF  0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT 

  7.  8IBUJT$POUFOU5ZQF 

  8. 8IBUJT$POUFOU5ZQF  

  9. 8IBUJT$POUFOU5ZQF  

  10. 8IBUJT$POUFOU5ZQF  

  11. 8IBUJT$POUFOU5ZQF  

  12. 8IBUJT$POUFOU5ZQF  

  13. 8IBUJT$POUFOU5ZQF  

  14.  0MEBUUBDLQBUIJO)551SFTQPOTF 

  15. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  16. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  17. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  18. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  19. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  20. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  21. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  22.   /FXBUUBDLQBUIJO)551SFTQPOTF

  23. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB

  24. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB $POUFOU5ZQF

  25. /FXBUUBDLQBUIJO)551SFTQPOTF  

  26. /FXBUUBDLQBUIJO)551SFTQPOTF  

  27. /FXBUUBDLQBUIJO)551SFTQPOTF  

  28. /FXBUUBDLQBUIJO)551SFTQPOTF  

  29. /FXBUUBDLQBUIJO)551SFTQPOTF   'PSHPUWBMJEBUJPO

  30. /FXBUUBDLQBUIJO)551SFTQPOTF  

  31. /FXBUUBDLQBUIJO)551SFTQPOTF  

  32.  #VH#PVOUZQSPHSBNSFTFBSDI 

  33. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PWBMJEBUJPO

  34. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PUVTJOH4

  35. %JTDPWFSZJO#VH#PVOUZQSPHSBN   "DDVSBUFWBMJEBUJPO

  36.  044SFTFBSDI 

  37.  $PEFTFBSDI 

  38. $PEFTFBSDI  

  39. $PEFTFBSDI  

  40. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO

  41. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨

  42.   /PWBMJEBUJPO

  43.  /PWBMJEBUJPOJO)551SFRVFTU 

  44. /PWBMJEBUJPO   /PWBMJEBUJPO

  45. /PWBMJEBUJPO&YBNQMF  

  46. /PWBMJEBUJPO&YBNQMF   6TFEJSFDUWBMVFT

  47. /PWBMJEBUJPO&YBNQMF  

  48. /PWBMJEBUJPO&YBNQMF   7BMJEBUJPO GSPOUFOEPOMZ

  49. /PWBMJEBUJPO&YBNQMF   6QMPBE UFYUIUNM

  50.  /PWBMJEBUJPOJO)551SFTQPOTF 

  51. /PWBMJEBUJPO   /PWBMJEBUJPO

  52. /PWBMJEBUJPO74$PEF&YUFOTJPO  

  53. /PWBMJEBUJPO74$PEF&YUFOTJPO   (FU UFYUIUNM

  54.   7BMJEBUJPOCZQBTT

  55.  7BMJEBUJPOCZQBTTJO)551SFRVFTU 

  56. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  57. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  58. #ZQBTTQBUUFSOT  Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)

    text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png

  59. 7BMJEBUJPOCZQBTT$7&  

  60. 7BMJEBUJPOCZQBTT$7&  

  61. 7BMJEBUJPOCZQBTT$7&  

  62. 7BMJEBUJPOCZQBTT$7&  

  63. 7BMJEBUJPOCZQBTT$7&  

  64. 7BMJEBUJPOCZQBTT$7&  

  65. 7BMJEBUJPOCZQBTT$7&  

  66. 7BMJEBUJPOCZQBTT$7&   #ZQBTT JNBHFQOH UFYUIUNM

  67.   7BMJEBUJPOCZQBTTJO)551SFTQPOTF

  68. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  69. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  70. 7BMJEBUJPOCZQBTT&MFDUSPO  

  71. 7BMJEBUJPOCZQBTT&MFDUSPO   #ZQBTT JNBHFQOH UFYUIUNM

  72. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO  

  73. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO   #ZQBTT UFYUIUNMQEG

  74.  .JUJHBUJPOT 

  75. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  76. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  77.  5IBOLZPVWFSZNVDIGPSMJTUFOJOH

  78. 3FGFSFODFT 

  79. ◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦

    $BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF 

  80. 23DPEF  IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF

  81. #ZQBTTUFDIOJRVF   IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB

  82. '"2 

  83. 9445ISFBUT  4UPSFE944

  84. &TTFOUJBM5IJOHT   /PWBMJEBUJPO