Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Are you content with our current attacks on Con...
Search
Flatt Security
August 05, 2024
2
210
Are you content with our current attacks on Content-Type?
A presentation for BSides Las Vegas 2024.
Flatt Security
August 05, 2024
Tweet
Share
More Decks by Flatt Security
See All by Flatt Security
開発生産性をむしろ向上させる セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
940
XSS using dirty Content Type in cloud era
flatt_security
2
14k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
560
会社紹介資料 / Culture Deck
flatt_security
0
26k
【2025卒向け】新卒採用・会社説明資料 / Culture Deck for 2025 newgrads
flatt_security
0
1.5k
プロフェッショナルサービス事業部案内 / Professional Services Dept Deck
flatt_security
1
3.8k
スタートアップ・Flatt Securityが技術ブログとオウンドメディアの両方にフルコミットする理由 - はてなブログ DevBlog Meetup #1 LT登壇
flatt_security
0
3.6k
開発者のための GitHub Organization の安全な運用と 継続的なモニタリング
flatt_security
4
9.2k
Featured
See All Featured
Measuring & Analyzing Core Web Vitals
bluesmoon
2
53
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Ruby is Unlike a Banana
tanoku
96
11k
A better future with KSS
kneath
238
17k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Bash Introduction
62gerente
608
210k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
4
380
Music & Morning Musume
bryan
46
6.1k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Rails Girls Zürich Keynote
gr2m
93
13k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Transcript
"SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF B[BSB !B@[BSB@O FJ !FJ 'MBUU4FDVSJUZJOD
6OFYQFDUFEQBUIGSPN)551SFTQPOTF VOFYQFDUFEBUUBDLQBUI
4FMGJOUSPEVDUJPOFJ &JKJ.PSJFJ 9!FJ 'MBUU4FDVSJUZJOD .VTDMF#SBJO
/PSJIJEF4BJUPB[BSB 9!B@[BSB@O 'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB IUUQTNJTDB[BSBKQ3&"%.&
5PQJDT
8IBUJT$POUFOU5ZQF 0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB $POUFOU5ZQF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF 'PSHPUWBMJEBUJPO
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
#VH#PVOUZQSPHSBNSFTFBSDI
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PWBMJEBUJPO
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PUVTJOH4
%JTDPWFSZJO#VH#PVOUZQSPHSBN "DDVSBUFWBMJEBUJPO
044SFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨
/PWBMJEBUJPO
/PWBMJEBUJPOJO)551SFRVFTU
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 6TFEJSFDUWBMVFT
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 7BMJEBUJPO GSPOUFOEPOMZ
/PWBMJEBUJPO&YBNQMF 6QMPBE UFYUIUNM
/PWBMJEBUJPOJO)551SFTQPOTF
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO (FU UFYUIUNM
7BMJEBUJPOCZQBTT
7BMJEBUJPOCZQBTTJO)551SFRVFTU
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
#ZQBTTQBUUFSOT Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)
text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7& #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTTJO)551SFTQPOTF
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT&MFDUSPO
7BMJEBUJPOCZQBTT&MFDUSPO #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO #ZQBTT UFYUIUNMQEG
.JUJHBUJPOT
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
5IBOLZPVWFSZNVDIGPSMJTUFOJOH
3FGFSFODFT
◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦
$BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF
23DPEF IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF
#ZQBTTUFDIOJRVF IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB
'"2
9445ISFBUT 4UPSFE944
&TTFOUJBM5IJOHT /PWBMJEBUJPO