Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Are you content with our current attacks on Con...

GMO Flatt Security
August 05, 2024
2
320

Are you content with our current attacks on Content-Type?

A presentation for BSides Las Vegas 2024.

GMO Flatt Security

August 05, 2024
Tweet

More Decks by GMO Flatt Security

See All by GMO Flatt Security
開発組織のための セキュアコーディング研修の始め方
flatt_security
3
2.5k
GMO Flatt SecurityにおけるKubernetesセキュリティ診断について
flatt_security
0
76
Flatt Security XSS Challenge 解答・解説
flatt_security
0
1.3k
GMO Flatt Security 会社紹介資料
flatt_security
0
6.2k
codeblue_2024_opentalks.pdf
flatt_security
0
100
開発生産性をむしろ向上させる
セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
1.1k
XSS using dirty Content Type in cloud era
flatt_security
2
16k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
660
【2025卒向け】新卒採用・会社説明資料 / Culture Deck for 2025 newgrads
flatt_security
0
1.6k

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7.1k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.2k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Typedesign – Prime Four
hannesfritz
40
2.5k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Visualization
eitanlees
146
15k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
Facilitating Awesome Meetings
lara
52
6.2k
Git: the NoSQL Database
bkeepers
PRO
427
64k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k

Transcript

  1. "SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF  B[BSB !B@[BSB@O FJ !FJ  'MBUU4FDVSJUZJOD

  2. 6OFYQFDUFEQBUIGSPN)551SFTQPOTF  VOFYQFDUFEBUUBDLQBUI

  3. 4FMGJOUSPEVDUJPOFJ  &JKJ.PSJFJ 9!FJ  'MBUU4FDVSJUZJOD .VTDMF#SBJO

  4. /PSJIJEF4BJUPB[BSB 9!B@[BSB@O  'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB  IUUQTNJTDB[BSBKQ3&"%.&

  5. 5PQJDT 

  6. 8IBUJT$POUFOU5ZQF  0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT 

  7.  8IBUJT$POUFOU5ZQF 

  8. 8IBUJT$POUFOU5ZQF  

  9. 8IBUJT$POUFOU5ZQF  

  10. 8IBUJT$POUFOU5ZQF  

  11. 8IBUJT$POUFOU5ZQF  

  12. 8IBUJT$POUFOU5ZQF  

  13. 8IBUJT$POUFOU5ZQF  

  14.  0MEBUUBDLQBUIJO)551SFTQPOTF 

  15. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  16. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  17. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  18. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  19. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  20. 0MEBUUBDLQBUIJO)551SFTQPOTF   &YUFOTJPO QOHKQH  $POUFOU5ZQF JNBHFQOHJNBHFKQH  .BHJDCZUF

  21. 0MEBUUBDLQBUIJO)551SFTQPOTF  

  22.   /FXBUUBDLQBUIJO)551SFTQPOTF

  23. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB

  24. 8IBUJT0CKFDU4UPSBHF   %BUB .FUBEBUB $POUFOU5ZQF

  25. /FXBUUBDLQBUIJO)551SFTQPOTF  

  26. /FXBUUBDLQBUIJO)551SFTQPOTF  

  27. /FXBUUBDLQBUIJO)551SFTQPOTF  

  28. /FXBUUBDLQBUIJO)551SFTQPOTF  

  29. /FXBUUBDLQBUIJO)551SFTQPOTF   'PSHPUWBMJEBUJPO

  30. /FXBUUBDLQBUIJO)551SFTQPOTF  

  31. /FXBUUBDLQBUIJO)551SFTQPOTF  

  32.  #VH#PVOUZQSPHSBNSFTFBSDI 

  33. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PWBMJEBUJPO

  34. %JTDPWFSZJO#VH#PVOUZQSPHSBN   /PUVTJOH4

  35. %JTDPWFSZJO#VH#PVOUZQSPHSBN   "DDVSBUFWBMJEBUJPO

  36.  044SFTFBSDI 

  37.  $PEFTFBSDI 

  38. $PEFTFBSDI  

  39. $PEFTFBSDI  

  40. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO

  41. $PEFTFBSDI   /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨

  42.   /PWBMJEBUJPO

  43.  /PWBMJEBUJPOJO)551SFRVFTU 

  44. /PWBMJEBUJPO   /PWBMJEBUJPO

  45. /PWBMJEBUJPO&YBNQMF  

  46. /PWBMJEBUJPO&YBNQMF   6TFEJSFDUWBMVFT

  47. /PWBMJEBUJPO&YBNQMF  

  48. /PWBMJEBUJPO&YBNQMF   7BMJEBUJPO GSPOUFOEPOMZ

  49. /PWBMJEBUJPO&YBNQMF   6QMPBE UFYUIUNM

  50.  /PWBMJEBUJPOJO)551SFTQPOTF 

  51. /PWBMJEBUJPO   /PWBMJEBUJPO

  52. /PWBMJEBUJPO74$PEF&YUFOTJPO  

  53. /PWBMJEBUJPO74$PEF&YUFOTJPO   (FU UFYUIUNM

  54.   7BMJEBUJPOCZQBTT

  55.  7BMJEBUJPOCZQBTTJO)551SFRVFTU 

  56. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  57. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  58. #ZQBTTQBUUFSOT  Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)

    text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png

  59. 7BMJEBUJPOCZQBTT$7&  

  60. 7BMJEBUJPOCZQBTT$7&  

  61. 7BMJEBUJPOCZQBTT$7&  

  62. 7BMJEBUJPOCZQBTT$7&  

  63. 7BMJEBUJPOCZQBTT$7&  

  64. 7BMJEBUJPOCZQBTT$7&  

  65. 7BMJEBUJPOCZQBTT$7&  

  66. 7BMJEBUJPOCZQBTT$7&   #ZQBTT JNBHFQOH UFYUIUNM

  67.   7BMJEBUJPOCZQBTTJO)551SFTQPOTF

  68. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  69. 7BMJEBUJPOCZQBTT   -BYWBMJEBUJPO

  70. 7BMJEBUJPOCZQBTT&MFDUSPO  

  71. 7BMJEBUJPOCZQBTT&MFDUSPO   #ZQBTT JNBHFQOH UFYUIUNM

  72. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO  

  73. 7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO   #ZQBTT UFYUIUNMQEG

  74.  .JUJHBUJPOT 

  75. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  76. 4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO   z

  77.  5IBOLZPVWFSZNVDIGPSMJTUFOJOH

  78. 3FGFSFODFT 

  79. ◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦

    $BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF 

  80. 23DPEF  IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF

  81. #ZQBTTUFDIOJRVF   IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB

  82. '"2 

  83. 9445ISFBUT  4UPSFE944

  84. &TTFOUJBM5IJOHT   /PWBMJEBUJPO