Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to hack metacpan.org

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for mala mala
September 04, 2014
Programming
7
1.4k

How to hack metacpan.org

YAPC::Asia 2014 Reject con LT
2014-09-03

Avatar for mala

mala

September 04, 2014
Tweet

More Decks by mala

See All by mala
The Evolution of Alert & Notification System / Becks Japan #1
Avatar for mala mala
11
9k
TBD/Shibuya.XSS techtalk #8
Avatar for mala mala
5
2.8k
実例に学ぶXSS脆弱性の発見と修正方法/line_dm 16 20160916 how to find and fix xss
Avatar for mala mala
25
9.5k
超絶技巧CSRF / Shibuya.XSS techtalk #7
Avatar for mala mala
41
15k
SECCON2013 slide
Avatar for mala mala
14
3k

Other Decks in Programming

See All in Programming
それはエンジニアリングの糧である:AI開発のためにAIのOSSを開発する現場より / It serves as fuel for engineering: insights from the field of developing open-source AI for AI development.
Avatar for nrs nrslib
1
510
PHP 7.4でもOpenTelemetryゼロコード計装がしたい! / PHPerKaigi 2026
Avatar for Arthur arthur1
1
390
「接続」—パフォーマンスチューニングの最後の一手 〜点と点を結ぶ、その一瞬のために〜
Avatar for 武田 憲太郎 kentaroutakeda
3
1.9k
Kubernetesでセルフホストが簡単なNewSQLを求めて / Seeking a NewSQL Database That's Simple to Self-Host on Kubernetes
Avatar for nnaka2992 nnaka2992
0
180
実践ハーネスエンジニアリング #MOSHTech
Avatar for Takuma Kajikawa kajitack
5
2.6k
Everything Claude Code OSS詳細 — 5層構造の中身と導入方法
Avatar for techs-targe targe
0
150
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
Avatar for Mitsui maroon8021
3
1.3k
Reactive ❤️ Loom: A Forbidden Love Story
Avatar for Francesco Nigro franz1981
2
150
[SF Ruby Feb'26] The Silicon Heel
Avatar for Vladimir Dementyev palkan
0
120
nuget-server - あなたが必要だったNuGetサーバー
Avatar for Kouji Matsui kekyo
PRO
0
440
飯MCP
Avatar for Yusuke Wada yusukebe
0
280
脱 雰囲気実装! AgentCoreを良い感じに WEBアプリケーションに組み込むために
Avatar for Takuya Yonezawa takuyay0ne
3
390

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.6k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
47
8k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
490
The SEO identity crisis: Don't let AI make you average
Avatar for Varn varn
0
420
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
200
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.2k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
10k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
300
Beyond borders and beyond the search box: How to win the global "messy middle" with AI-driven SEO
Avatar for David Carrasco davidcarrasco
3
86

Transcript

  1. )PXUPIBDL NFUBDQBOPSH NBMB

  2. :"1$ߦͬͯͳ͍

  3. ͖ΐ͏ͷςʔϚ w )PXUPIBDLNFUBDQBOPSH ! w ѱ͍ҙຯͰ

  4. NFUBDQBOPSHͰͷ SFNPUFDPEFFYFDVUJPO w िؒ΄ͲલʹใࠂpYFE w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF w NFUBDQBOPSH௚͔ͬͯΒৄࡉॻ͜͏ͱࢥͬͨΒ NJZBHBXB͞Μ͕௒଎ͰϦϦʔεͨ͠ͷͰ NFUBDQBOPSHθϩσΠެ։ঢ়ଶͩͬͨ

  5. ͝ଘ஌Ͱ͔͢ʁ 4UPSBCMFͰ ೚ҙίʔυ࣮ߦ

  6. ΦϒδΣΫτσγϦΞϥΠβ Λ௨ͨ͡ίʔυ࣮ߦ w ෳ਺ͷݴޠͰಉ༷ͷ໰୊͕ใࠂ͞Ε͍ͯΔ w ೚ҙͷΫϥεͷΦϒδΣΫτΛ෮ݩͰ͖Δ΋ͷ w 3VCZ :".- .BSTIBM

    w 1FSM 4UPSBCMF :".- 9.-

  7. $PPLJFܦ༝Ͱͷ 4UPSBCMFΦϒδΣΫτ w σγϦΞϥΠζͷλΠϛϯάͰίʔυ࣮ߦग़དྷΔ w $PPLJFʹ4UPSBCMFͰσʔλอଘ͢Δηογϣϯ Ϛωʔδϟ͕͋Δ w )."$ॺ໊ʹΑΔվ᜵๷ࢭ͕ͳ͍PS伴͕ऑ͍ PS伴͕࿙ΕΔέʔεͰDPPLJF͕վ᜵Ͱ͖Δ

    w ࡉ޻ͨ͠$PPLJFΛ࢖ͬͨ೚ҙίʔυ࣮ߦग़དྷΔ

  8. ͍͔ͭ͘ใࠂ͞Ε͍ͯΔ w SFQPSUFECZNBMB ͍͖͞Μ  w )5514FTTJPO "NPO w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF

    w ೥ w 4UPSBCMFUIBXDBMMFEPODPPLJFEBUBJONVMUJQMF $1"/NPEVMFT w IUUQTFDMJTUTPSHPTTTFDR

  9. Өڹൣғ w ΦϒδΣΫτ͕෮ݩ͞ΕΔͱ͍͏͜ͱ͸ w ԿΒ͔ͷॳظԽॲཧ͕࣮ߦ͞ΕͨΓ w ഁغ͞ΕΔλΠϛϯάͰσετϥΫλ͕࣮ߦ͞ΕͨΓ w ܕม׵ͷλΠϛϯάͰԿ͔͕͓͖ͨΓ
 ʢίʔυຒΊࠐΊΔςϯϓϨʔτΤϯδϯͱ͔ʣ

    w ͦͷଞ΋Ζ΋Ζͷ༧ظ͠ͳ͍໰୊

  10. ΦϒδΣΫτσγϦΞϥΠβ ͸ةݥ w ϓϨʔϯͳϋογϡΑΓ΋༧ظ͠ͳ͍͜ͱ͕ى ͖Δ w CMFTTFEIBTIඞཁͳ͚Ε͹
 4UPSBCMFΛ࢖Θͳ͍΄͏͕͍͍

  11. +40/ʹ͢Ε͹҆શʁ w ͓͓ΉͶͦ͏ w σγϦΞϥΠζͷΈͰ໰୊͸ى͖ͳ͍ w +40/ 42-JOKFDUJPO w จࣈྻ͕དྷΔͱࢥͬͯΔՕॴʹϋογϡ΍഑ྻ

    ͕ೖΔ͜ͱͰ༧ظ͠ͳ͍ಈ࡞͕ى͜ΔՄೳੑ

  12. 4UPSBCMFͷಛච͢΂͖఺ w ೚ҙͷϞδϡʔϧͷϩʔυ͕Մೳ w PWFSMPBE͕࢖ΘΕ͍ͯΔΦϒδΣΫτΛGSFF[F͢Δͱɺ PWFSMPBEϑϥά෇͖Ͱอଘ͞ΕΔ w PWFSMPBEϑϥά͕෇͍͍ͯΔ4UPSBCMFEPDVNFOUΛ ϩʔυ͢ΔࡍʹɺಁաతʹϞδϡʔϧΛϩʔυ͢Δ w

    ຊདྷͳΒPWFSMPBE͕࢖ΘΕ͍ͯͳ͍ϞδϡʔϧͰ΋ɺ͜ ͷϑϥάΛઃఆ͢Δ͜ͱͰɺ೚ҙͷϞδϡʔϧΛϩʔυ Մೳ

  13. ͜Ε͸ط஌ͷ໰୊Ͱ͋Δ w NBTUFSJOHQFSMPSHUIFTUPSBCMF TFDVSJUZQSPCMFN w ۙ೥ʹͳͬͯEPDVNFOUʹॻ͔Εͨ w IUUQQFSMHJUQFSMPSHQFSMHJUDPNNJU GBDCCECGFEEB DFF

  14. σετϥΫλ࣮ߦ 㲈೚ҙίʔυ࣮ߦ w σετϥΫλ࣮ߦͰ͸ग़དྷΔ͜ͱ͕ݶΒΕΔ w యܕతͳͷ͸Ұ࣌ϑΝΠϧ࡟আ
 ˠ೚ҙϑΝΠϧ࡟আ w ͤΊͯϑΝΠϧॻ͖ࠐΈ͕ग़དྷΕ͹ɾɾɾ w

    ѱ༻Ͱ͖ͦ͏ͳ$1"/ϞδϡʔϧΛ୳͢

  15. ݬͷ೚ҙίʔυ࣮ߦՄೳϞδϡʔϧΛ୳ͯ͠ w σετϥΫλ಺Ͱίʔυ࣮ߦͰ͖ͦ͏ͳ΋ͷΛ୳ ͢ w FWBMTFMG\DPEF^ w PQFO ') TFMG\pMFOBNF^

     w TZTUFN FYFD EP HMPC FUD w ͦ͏ͦ͏ͳ͍Α

  16. ϑΝΠϧ΁ͷॻ͖ࠐΈ w ϑΝΠϧ΁ͷॻ͖ࠐΈ͕ग़དྷΕ͹ɺQNϑΝΠϧ Λੜ੒ͯ͠ϩʔυͯ͠΍Ε͹೚ҙίʔυ࣮ߦग़ དྷΔͷͰ͸ͳ͍͔ʁ w ࣮ࡍͷΞϓϦέʔγϣϯ͸VTFMJCͯ͠Δ͜ͱ͕ ଟ͍ MJCMPDBM 

    w ΧϨϯτσΟϨΫτϦҎԼͷϑΝΠϧʹ͋Δఔ౓ ࣗ༝ͳϑΥʔϚοτͰॻ͖ࠐΈ͕ग़དྷΕ͹ɻɻ

  17. σετϥΫλͰϑΝΠϧʹॻ͖ࠐΉ $1"/Ϟδϡʔϧ w ࣮ࡏͨ͠ w ໨HSFQ͠·ͬͯ͘ൃݟ w ࣗಈηʔϒ΍ϩάϑΝΠϧͷqVTIܥͷػೳ w QNϑΝΠϧΛੜ੒ͯ͠ϩʔυ·ͰՄೳ

    w ςϯϓϨʔτվ᜵͔Β೚ҙίʔυ࣮ߦ͕Մೳ

  18. 4UPSBCMFͰͷίʔυ࣮ߦ w ਂࠁ౓্͕͕ͬͨͱߟ͑ͯྑ͍
 જࡏత೚ҙίʔυ࣮ߦˠ࣮֬ͳ೚ҙίʔυ࣮ߦ  w ਖ਼֬ʹ͸ʮΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ࣍ୈͰ೚ ҙίʔυ࣮ߦ͕Մೳʯ w ͔ͳΓଟ͘ͷ؀ڥͰΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ

    ͰՄೳͩͬͨ w QFSMTFDVSJUZʹใࠂ FYQMPJUެ։͕ద੾͔Ͳ͏͔૬ஊ த

  19. ·ͱΊ w 4UPSBCMF ͱ͍͏͔CMFTTFEIBTIΛ෮ݩͰ͖Δ γϦΞϥΠβ͸೚ҙίʔυ࣮ߦʹܨ͕Δةݥ͕ ͋Δ w "NPOͱ1MBDL.JEEMFXBSF4FTTJPOΛ֘౰͢ Δ࢖͍ํͯ͠Δਓ͸Ξφ΢ϯεಡΜͰରԠͯ͠Ͷɻ w

    )BQQZ)BDLJOH