Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to hack metacpan.org

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for mala mala
September 04, 2014
Programming
1.4k
7

How to hack metacpan.org

YAPC::Asia 2014 Reject con LT
2014-09-03

Avatar for mala

mala

September 04, 2014

More Decks by mala

See All by mala
The Evolution of Alert & Notification System / Becks Japan #1
Avatar for mala mala
11
9k
TBD/Shibuya.XSS techtalk #8
Avatar for mala mala
5
2.8k
実例に学ぶXSS脆弱性の発見と修正方法/line_dm 16 20160916 how to find and fix xss
Avatar for mala mala
25
9.6k
超絶技巧CSRF / Shibuya.XSS techtalk #7
Avatar for mala mala
41
15k
SECCON2013 slide
Avatar for mala mala
14
3k

Other Decks in Programming

See All in Programming
PHP で mp3 プレイヤーを実装しよう
Avatar for memory m3m0r7
PRO
0
290
「Linuxサーバー構築標準教科書」を読んでみた #ツナギメオフライン.7
Avatar for akase244 akase244
0
1.4k
Claude CodeでETLジョブ実行テストを自動化してみた
Avatar for yoshiki kasama yoshikikasama
0
930
From Formal Specification to Property Based Test
Avatar for Masato Ohba ohbarye
0
400
PicoRuby for IoT: Connecting to the Cloud with MQTT
Avatar for Y_uuu yuuu
2
680
mruby on C#: From VM Implementation to Game Scripting (RubyKaigi 2026)
Avatar for hadashiA hadashia
2
760
ルールルルルルRubyの中身の予備知識 ── RubyKaigiの前に予習しなイカ?
Avatar for ydah ydah
1
210
Going Multiplatform with Your Android App (Android Makers 2026)
Avatar for Márton Braun zsmb
2
450
実践CRDT
Avatar for tamadeveloper tamadeveloper
0
600
(Re)make Regexp in Ruby: Democratizing internals for the JIT
Avatar for TSUYUSATO Kitsune makenowjust
3
730
セグメントとターゲットを意識するプロポーザルの書き方 〜採択の鍵は、誰に刺すかを見極めるマーケティング戦略にある〜
Avatar for memory m3m0r7
PRO
0
590
10 Tips of AWS ~Gen AI on AWS~
Avatar for matsukada licux
5
480

Featured

See All Featured
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
2.9k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
10k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
35
2.4k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
515
110k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.4k
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
220
The Spectacular Lies of Maps
Avatar for Per Axbom axbom
PRO
1
710
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.5k
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
180
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
280

Transcript

  1. )PXUPIBDL NFUBDQBOPSH NBMB

  2. :"1$ߦͬͯͳ͍

  3. ͖ΐ͏ͷςʔϚ w )PXUPIBDLNFUBDQBOPSH ! w ѱ͍ҙຯͰ

  4. NFUBDQBOPSHͰͷ SFNPUFDPEFFYFDVUJPO w िؒ΄ͲલʹใࠂpYFE w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF w NFUBDQBOPSH௚͔ͬͯΒৄࡉॻ͜͏ͱࢥͬͨΒ NJZBHBXB͞Μ͕௒଎ͰϦϦʔεͨ͠ͷͰ NFUBDQBOPSHθϩσΠެ։ঢ়ଶͩͬͨ

  5. ͝ଘ஌Ͱ͔͢ʁ 4UPSBCMFͰ ೚ҙίʔυ࣮ߦ

  6. ΦϒδΣΫτσγϦΞϥΠβ Λ௨ͨ͡ίʔυ࣮ߦ w ෳ਺ͷݴޠͰಉ༷ͷ໰୊͕ใࠂ͞Ε͍ͯΔ w ೚ҙͷΫϥεͷΦϒδΣΫτΛ෮ݩͰ͖Δ΋ͷ w 3VCZ :".- .BSTIBM

    w 1FSM 4UPSBCMF :".- 9.-

  7. $PPLJFܦ༝Ͱͷ 4UPSBCMFΦϒδΣΫτ w σγϦΞϥΠζͷλΠϛϯάͰίʔυ࣮ߦग़དྷΔ w $PPLJFʹ4UPSBCMFͰσʔλอଘ͢Δηογϣϯ Ϛωʔδϟ͕͋Δ w )."$ॺ໊ʹΑΔվ᜵๷ࢭ͕ͳ͍PS伴͕ऑ͍ PS伴͕࿙ΕΔέʔεͰDPPLJF͕վ᜵Ͱ͖Δ

    w ࡉ޻ͨ͠$PPLJFΛ࢖ͬͨ೚ҙίʔυ࣮ߦग़དྷΔ

  8. ͍͔ͭ͘ใࠂ͞Ε͍ͯΔ w SFQPSUFECZNBMB ͍͖͞Μ  w )5514FTTJPO "NPO w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF

    w ೥ w 4UPSBCMFUIBXDBMMFEPODPPLJFEBUBJONVMUJQMF $1"/NPEVMFT w IUUQTFDMJTUTPSHPTTTFDR

  9. Өڹൣғ w ΦϒδΣΫτ͕෮ݩ͞ΕΔͱ͍͏͜ͱ͸ w ԿΒ͔ͷॳظԽॲཧ͕࣮ߦ͞ΕͨΓ w ഁغ͞ΕΔλΠϛϯάͰσετϥΫλ͕࣮ߦ͞ΕͨΓ w ܕม׵ͷλΠϛϯάͰԿ͔͕͓͖ͨΓ
 ʢίʔυຒΊࠐΊΔςϯϓϨʔτΤϯδϯͱ͔ʣ

    w ͦͷଞ΋Ζ΋Ζͷ༧ظ͠ͳ͍໰୊

  10. ΦϒδΣΫτσγϦΞϥΠβ ͸ةݥ w ϓϨʔϯͳϋογϡΑΓ΋༧ظ͠ͳ͍͜ͱ͕ى ͖Δ w CMFTTFEIBTIඞཁͳ͚Ε͹
 4UPSBCMFΛ࢖Θͳ͍΄͏͕͍͍

  11. +40/ʹ͢Ε͹҆શʁ w ͓͓ΉͶͦ͏ w σγϦΞϥΠζͷΈͰ໰୊͸ى͖ͳ͍ w +40/ 42-JOKFDUJPO w จࣈྻ͕དྷΔͱࢥͬͯΔՕॴʹϋογϡ΍഑ྻ

    ͕ೖΔ͜ͱͰ༧ظ͠ͳ͍ಈ࡞͕ى͜ΔՄೳੑ

  12. 4UPSBCMFͷಛච͢΂͖఺ w ೚ҙͷϞδϡʔϧͷϩʔυ͕Մೳ w PWFSMPBE͕࢖ΘΕ͍ͯΔΦϒδΣΫτΛGSFF[F͢Δͱɺ PWFSMPBEϑϥά෇͖Ͱอଘ͞ΕΔ w PWFSMPBEϑϥά͕෇͍͍ͯΔ4UPSBCMFEPDVNFOUΛ ϩʔυ͢ΔࡍʹɺಁաతʹϞδϡʔϧΛϩʔυ͢Δ w

    ຊདྷͳΒPWFSMPBE͕࢖ΘΕ͍ͯͳ͍ϞδϡʔϧͰ΋ɺ͜ ͷϑϥάΛઃఆ͢Δ͜ͱͰɺ೚ҙͷϞδϡʔϧΛϩʔυ Մೳ

  13. ͜Ε͸ط஌ͷ໰୊Ͱ͋Δ w NBTUFSJOHQFSMPSHUIFTUPSBCMF TFDVSJUZQSPCMFN w ۙ೥ʹͳͬͯEPDVNFOUʹॻ͔Εͨ w IUUQQFSMHJUQFSMPSHQFSMHJUDPNNJU GBDCCECGFEEB DFF

  14. σετϥΫλ࣮ߦ 㲈೚ҙίʔυ࣮ߦ w σετϥΫλ࣮ߦͰ͸ग़དྷΔ͜ͱ͕ݶΒΕΔ w యܕతͳͷ͸Ұ࣌ϑΝΠϧ࡟আ
 ˠ೚ҙϑΝΠϧ࡟আ w ͤΊͯϑΝΠϧॻ͖ࠐΈ͕ग़དྷΕ͹ɾɾɾ w

    ѱ༻Ͱ͖ͦ͏ͳ$1"/ϞδϡʔϧΛ୳͢

  15. ݬͷ೚ҙίʔυ࣮ߦՄೳϞδϡʔϧΛ୳ͯ͠ w σετϥΫλ಺Ͱίʔυ࣮ߦͰ͖ͦ͏ͳ΋ͷΛ୳ ͢ w FWBMTFMG\DPEF^ w PQFO ') TFMG\pMFOBNF^

     w TZTUFN FYFD EP HMPC FUD w ͦ͏ͦ͏ͳ͍Α

  16. ϑΝΠϧ΁ͷॻ͖ࠐΈ w ϑΝΠϧ΁ͷॻ͖ࠐΈ͕ग़དྷΕ͹ɺQNϑΝΠϧ Λੜ੒ͯ͠ϩʔυͯ͠΍Ε͹೚ҙίʔυ࣮ߦग़ དྷΔͷͰ͸ͳ͍͔ʁ w ࣮ࡍͷΞϓϦέʔγϣϯ͸VTFMJCͯ͠Δ͜ͱ͕ ଟ͍ MJCMPDBM 

    w ΧϨϯτσΟϨΫτϦҎԼͷϑΝΠϧʹ͋Δఔ౓ ࣗ༝ͳϑΥʔϚοτͰॻ͖ࠐΈ͕ग़དྷΕ͹ɻɻ

  17. σετϥΫλͰϑΝΠϧʹॻ͖ࠐΉ $1"/Ϟδϡʔϧ w ࣮ࡏͨ͠ w ໨HSFQ͠·ͬͯ͘ൃݟ w ࣗಈηʔϒ΍ϩάϑΝΠϧͷqVTIܥͷػೳ w QNϑΝΠϧΛੜ੒ͯ͠ϩʔυ·ͰՄೳ

    w ςϯϓϨʔτվ᜵͔Β೚ҙίʔυ࣮ߦ͕Մೳ

  18. 4UPSBCMFͰͷίʔυ࣮ߦ w ਂࠁ౓্͕͕ͬͨͱߟ͑ͯྑ͍
 જࡏత೚ҙίʔυ࣮ߦˠ࣮֬ͳ೚ҙίʔυ࣮ߦ  w ਖ਼֬ʹ͸ʮΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ࣍ୈͰ೚ ҙίʔυ࣮ߦ͕Մೳʯ w ͔ͳΓଟ͘ͷ؀ڥͰΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ

    ͰՄೳͩͬͨ w QFSMTFDVSJUZʹใࠂ FYQMPJUެ։͕ద੾͔Ͳ͏͔૬ஊ த

  19. ·ͱΊ w 4UPSBCMF ͱ͍͏͔CMFTTFEIBTIΛ෮ݩͰ͖Δ γϦΞϥΠβ͸೚ҙίʔυ࣮ߦʹܨ͕Δةݥ͕ ͋Δ w "NPOͱ1MBDL.JEEMFXBSF4FTTJPOΛ֘౰͢ Δ࢖͍ํͯ͠Δਓ͸Ξφ΢ϯεಡΜͰରԠͯ͠Ͷɻ w

    )BQQZ)BDLJOH