$30 off During Our Annual Pro Sale. View Details »

Are you content with our current attacks on Con...

Flatt Security
August 05, 2024
2
240

Are you content with our current attacks on Content-Type?

A presentation for BSides Las Vegas 2024.

Flatt Security

August 05, 2024
Tweet

More Decks by Flatt Security

See All by Flatt Security
Flatt Security 会社紹介資料
flatt_security
0
1.1k
codeblue_2024_opentalks.pdf
flatt_security
0
25
開発生産性をむしろ向上させる
セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
980
XSS using dirty Content Type in cloud era
flatt_security
2
14k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
590
【2025卒向け】新卒採用・会社説明資料 / Culture Deck for 2025 newgrads
flatt_security
0
1.5k
プロフェッショナルサービス事業部案内 / Professional Services Dept Deck
flatt_security
1
3.9k
スタートアップ・Flatt Securityが技術ブログとオウンドメディアの両方にフルコミットする理由 - はてなブログ DevBlog Meetup #1 LT登壇
flatt_security
0
3.6k
開発者のための GitHub Organization の安全な運用と 継続的なモニタリング
flatt_security
4
9.3k

Featured

See All Featured
Designing for humans not robots
tammielis
250
25k
Thoughts on Productivity
jonyablonski
67
4.3k
We Have a Design System, Now What?
morganepeng
51
7.3k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Designing for Performance
lara
604
68k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
48
2.2k

Transcript

  1. "SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF  B[BSB !B@[BSB@O FJ !FJ  'MBUU4FDVSJUZJOD

  2. 6OFYQFDUFEQBUIGSPN)551SFTQPOTF  VOFYQFDUFEBUUBDLQBUI

  3. 4FMGJOUSPEVDUJPOFJ  &JKJ.PSJFJ 9!FJ  'MBUU4FDVSJUZJOD .VTDMF#SBJO

  4. /PSJIJEF4BJUPB[BSB 9!B@[BSB@O  'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB  IUUQTNJTDB[BSBKQ3&"%.&

  5. 5PQJDT 

  6. 8IBUJT$POUFOU5ZQF  0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT 

  7.  8IBUJT$POUFOU5ZQF 

  8. 8IBUJT$POUFOU5ZQF  

  9. 8IBUJT$POUFOU5ZQF  

  10. 8IBUJT$POUFOU5ZQF  

  11. 8IBUJT$POUFOU5ZQF  

  12. 8IBUJT$POUFOU5ZQF  

  13. 8IBUJT$POUFOU5ZQF  

  14.  0MEBUUBDLQBUIJO)551SFTQPOTF 

  15. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  16. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  17. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  18. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  19. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  20. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  21. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  22.   /FXBUUBDLQBUIJO)551SFTQPOTF

  23. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB

  24. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB $POUFOU5ZQF

  25. /FXBUUBDLQBUIJO)551SFTQPOTF  

  26. /FXBUUBDLQBUIJO)551SFTQPOTF  

  27. /FXBUUBDLQBUIJO)551SFTQPOTF  

  28. /FXBUUBDLQBUIJO)551SFTQPOTF  

  29. /FXBUUBDLQBUIJO)551SFTQPOTF   'PSHPUWBMJEBUJPO

  30. /FXBUUBDLQBUIJO)551SFTQPOTF  

  31. /FXBUUBDLQBUIJO)551SFTQPOTF  

  32.  #VH#PVOUZQSPHSBNSFTFBSDI 

  33. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PWBMJEBUJPO

  34. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PUVTJOH4

  35. %JTDPWFSZJO#VH#PVOUZQSPHSBN   "DDVSBUFWBMJEBUJPO

  36.  044SFTFBSDI 

  37.  $PEFTFBSDI 

  38. $PEFTFBSDI  

  39. $PEFTFBSDI  

  40. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO

  41. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨

  42.   /PWBMJEBUJPO

  43.  /PWBMJEBUJPOJO)551SFRVFTU 

  44. /PWBMJEBUJPO   /PWBMJEBUJPO

  45. /PWBMJEBUJPO&YBNQMF  

  46. /PWBMJEBUJPO&YBNQMF   6TFEJSFDUWBMVFT

  47. /PWBMJEBUJPO&YBNQMF  

  48. /PWBMJEBUJPO&YBNQMF   7BMJEBUJPO GSPOUFOEPOMZ

  49. /PWBMJEBUJPO&YBNQMF   6QMPBE UFYUIUNM

  50.  /PWBMJEBUJPOJO)551SFTQPOTF 

  51. /PWBMJEBUJPO   /PWBMJEBUJPO

  52. /PWBMJEBUJPO74$PEF&YUFOTJPO  

  53. /PWBMJEBUJPO74$PEF&YUFOTJPO   (FU UFYUIUNM

  54.   7BMJEBUJPOCZQBTT

  55.  7BMJEBUJPOCZQBTTJO)551SFRVFTU 

  56. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  57. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  58. #ZQBTTQBUUFSOT  Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)

    text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png

  59. 7BMJEBUJPOCZQBTT$7&  

  60. 7BMJEBUJPOCZQBTT$7&  

  61. 7BMJEBUJPOCZQBTT$7&  

  62. 7BMJEBUJPOCZQBTT$7&  

  63. 7BMJEBUJPOCZQBTT$7&  

  64. 7BMJEBUJPOCZQBTT$7&  

  65. 7BMJEBUJPOCZQBTT$7&  

  66. 7BMJEBUJPOCZQBTT$7&   #ZQBTT JNBHFQOH UFYUIUNM

  67.   7BMJEBUJPOCZQBTTJO)551SFTQPOTF

  68. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  69. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  70. 7BMJEBUJPOCZQBTT&MFDUSPO  

  71. 7BMJEBUJPOCZQBTT&MFDUSPO   #ZQBTT JNBHFQOH UFYUIUNM

  72. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO  

  73. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO   #ZQBTT UFYUIUNMQEG

  74.  .JUJHBUJPOT 

  75. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  76. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  77.  5IBOLZPVWFSZNVDIGPSMJTUFOJOH

  78. 3FGFSFODFT 

  79. ◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦

    $BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF 

  80. 23DPEF  IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF

  81. #ZQBTTUFDIOJRVF   IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB

  82. '"2 

  83. 9445ISFBUT  4UPSFE944

  84. &TTFOUJBM5IJOHT   /PWBMJEBUJPO