Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Are you content with our current attacks on Con...

Avatar for GMO Flatt Security GMO Flatt Security
August 05, 2024
2
430

Are you content with our current attacks on Content-Type?

A presentation for BSides Las Vegas 2024.

Avatar for GMO Flatt Security

GMO Flatt Security

August 05, 2024
Tweet

More Decks by GMO Flatt Security

See All by GMO Flatt Security
OSSをつくる人・つかう人と伴走するセキュリティ診断AIエージェント - その開発の歩み
Avatar for GMO Flatt Security flatt_security
1
24
セキュリティAIエージェントの現在と未来 / PSS #2 Takumi Session
Avatar for GMO Flatt Security flatt_security
3
1.6k
GMO Flatt Security 会社紹介資料
Avatar for GMO Flatt Security flatt_security
0
22k
ブラウザ拡張のセキュリティの話 / Browser Extension Security
Avatar for GMO Flatt Security flatt_security
0
270
AIエージェントSaaSを安全に提供する技術 / Architecture Conference 2025
Avatar for GMO Flatt Security flatt_security
3
6k
How We Built a Secure Sandbox Platform for AI Agents
Avatar for GMO Flatt Security flatt_security
2
280
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
Avatar for GMO Flatt Security flatt_security
0
650
LLMアプリケーション開発におけるセキュリティリスクと対策 / LLM Application Security
Avatar for GMO Flatt Security flatt_security
8
3k
診断AIエージェントによるセキュリティの未来 – 著名OSS向け0-dayリサーチを例に
Avatar for GMO Flatt Security flatt_security
2
1.1k

Featured

See All Featured
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
8.3k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.3k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
39k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
It's Worth the Effort
Avatar for 3n 3n
187
29k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.5k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k

Transcript

  1. "SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF  B[BSB !B@[BSB@O FJ !FJ  'MBUU4FDVSJUZJOD

  2. 6OFYQFDUFEQBUIGSPN)551SFTQPOTF  VOFYQFDUFEBUUBDLQBUI

  3. 4FMGJOUSPEVDUJPOFJ  &JKJ.PSJFJ 9!FJ  'MBUU4FDVSJUZJOD .VTDMF#SBJO

  4. /PSJIJEF4BJUPB[BSB 9!B@[BSB@O  'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB  IUUQTNJTDB[BSBKQ3&"%.&

  5. 5PQJDT 

  6. 8IBUJT$POUFOU5ZQF  0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT 

  7.  8IBUJT$POUFOU5ZQF 

  8. 8IBUJT$POUFOU5ZQF  

  9. 8IBUJT$POUFOU5ZQF  

  10. 8IBUJT$POUFOU5ZQF  

  11. 8IBUJT$POUFOU5ZQF  

  12. 8IBUJT$POUFOU5ZQF  

  13. 8IBUJT$POUFOU5ZQF  

  14.  0MEBUUBDLQBUIJO)551SFTQPOTF 

  15. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  16. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  17. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  18. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  19. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  20. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  21. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  22.   /FXBUUBDLQBUIJO)551SFTQPOTF

  23. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB

  24. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB $POUFOU5ZQF

  25. /FXBUUBDLQBUIJO)551SFTQPOTF  

  26. /FXBUUBDLQBUIJO)551SFTQPOTF  

  27. /FXBUUBDLQBUIJO)551SFTQPOTF  

  28. /FXBUUBDLQBUIJO)551SFTQPOTF  

  29. /FXBUUBDLQBUIJO)551SFTQPOTF   'PSHPUWBMJEBUJPO

  30. /FXBUUBDLQBUIJO)551SFTQPOTF  

  31. /FXBUUBDLQBUIJO)551SFTQPOTF  

  32.  #VH#PVOUZQSPHSBNSFTFBSDI 

  33. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PWBMJEBUJPO

  34. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PUVTJOH4

  35. %JTDPWFSZJO#VH#PVOUZQSPHSBN   "DDVSBUFWBMJEBUJPO

  36.  044SFTFBSDI 

  37.  $PEFTFBSDI 

  38. $PEFTFBSDI  

  39. $PEFTFBSDI  

  40. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO

  41. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨

  42.   /PWBMJEBUJPO

  43.  /PWBMJEBUJPOJO)551SFRVFTU 

  44. /PWBMJEBUJPO   /PWBMJEBUJPO

  45. /PWBMJEBUJPO&YBNQMF  

  46. /PWBMJEBUJPO&YBNQMF   6TFEJSFDUWBMVFT

  47. /PWBMJEBUJPO&YBNQMF  

  48. /PWBMJEBUJPO&YBNQMF   7BMJEBUJPO GSPOUFOEPOMZ

  49. /PWBMJEBUJPO&YBNQMF   6QMPBE UFYUIUNM

  50.  /PWBMJEBUJPOJO)551SFTQPOTF 

  51. /PWBMJEBUJPO   /PWBMJEBUJPO

  52. /PWBMJEBUJPO74$PEF&YUFOTJPO  

  53. /PWBMJEBUJPO74$PEF&YUFOTJPO   (FU UFYUIUNM

  54.   7BMJEBUJPOCZQBTT

  55.  7BMJEBUJPOCZQBTTJO)551SFRVFTU 

  56. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  57. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  58. #ZQBTTQBUUFSOT  Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)

    text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png

  59. 7BMJEBUJPOCZQBTT$7&  

  60. 7BMJEBUJPOCZQBTT$7&  

  61. 7BMJEBUJPOCZQBTT$7&  

  62. 7BMJEBUJPOCZQBTT$7&  

  63. 7BMJEBUJPOCZQBTT$7&  

  64. 7BMJEBUJPOCZQBTT$7&  

  65. 7BMJEBUJPOCZQBTT$7&  

  66. 7BMJEBUJPOCZQBTT$7&   #ZQBTT JNBHFQOH UFYUIUNM

  67.   7BMJEBUJPOCZQBTTJO)551SFTQPOTF

  68. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  69. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  70. 7BMJEBUJPOCZQBTT&MFDUSPO  

  71. 7BMJEBUJPOCZQBTT&MFDUSPO   #ZQBTT JNBHFQOH UFYUIUNM

  72. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO  

  73. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO   #ZQBTT UFYUIUNMQEG

  74.  .JUJHBUJPOT 

  75. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  76. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  77.  5IBOLZPVWFSZNVDIGPSMJTUFOJOH

  78. 3FGFSFODFT 

  79. ◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦

    $BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF 

  80. 23DPEF  IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF

  81. #ZQBTTUFDIOJRVF   IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB

  82. '"2 

  83. 9445ISFBUT  4UPSFE944

  84. &TTFOUJBM5IJOHT   /PWBMJEBUJPO