Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
超絶技巧CSRF / Shibuya.XSS techtalk #7
Search
mala
March 28, 2016
Programming
40
14k
超絶技巧CSRF / Shibuya.XSS techtalk #7
CSRF, HTML Form Protocol Attack, Cross-protocol scripting attackについて
mala
March 28, 2016
Tweet
Share
More Decks by mala
See All by mala
The Evolution of Alert & Notification System / Becks Japan #1
mala
11
8.7k
TBD/Shibuya.XSS techtalk #8
mala
5
2.6k
実例に学ぶXSS脆弱性の発見と修正方法/line_dm 16 20160916 how to find and fix xss
mala
25
9.3k
How to hack metacpan.org
mala
7
1.3k
SECCON2013 slide
mala
14
2.9k
Other Decks in Programming
See All in Programming
Ruby on cygwin 2025-02
fd0
0
180
ファインディLT_ポケモン対戦の定量的分析
fufufukakaka
0
920
CI改善もDatadogとともに
taumu
0
200
GoとPHPのインターフェイスの違い
shimabox
2
210
CDKを使ったPagerDuty連携インフラのテンプレート化
shibuya_shogo
0
110
Jasprが凄い話
hyshu
0
160
PHPカンファレンス名古屋2025 タスク分解の試行錯誤〜レビュー負荷を下げるために〜
soichi
1
680
Boos Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
310
お前もAI鬼にならないか?👹Bolt & Cursor & Supabase & Vercelで人間をやめるぞ、ジョジョー!👺
taishiyade
7
4.2k
PHPのバージョンアップ時にも役立ったAST
matsuo_atsushi
0
230
Jakarta EE meets AI
ivargrimstad
0
340
Jakarta EE meets AI
ivargrimstad
0
390
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1030
460k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
Site-Speed That Sticks
csswizardry
4
410
Become a Pro
speakerdeck
PRO
26
5.2k
Unsuck your backbone
ammeep
669
57k
Gamification - CAS2011
davidbonilla
80
5.2k
A better future with KSS
kneath
238
17k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
27
1.9k
Transcript
$43' NBMB ઈٕ
ࠓͷςʔϚ w $43'ʹ͍ͭͯ w Έͳ͞Μ͝ଘͰ͢ΑͶ w ͋·Γ͍͜͠ͱ͠·ͤΜ
$43'PS943' w DSPTTTJUFSFRVFTUGPSHFSZ w ΫϩεαΠτͰϦΫΤετΛڧ੍͢Δ߈ܸख๏ w 944ͱฒΜͰྑ͘ݟ͔ͭΔ8FCΞϓϦέʔγϣ ϯͷදతͳ੬ऑੑͷҰͭ
Կ͕ग़དྷΔ͔ʁ w ةݥউखʹॻ͖ࠐΈ ͜Μʹͪ͜Μʹͪ w ةݥߴύεϫʔυΛউखʹมߋ w $43'ͰՄೳͳΞΫγϣϯʹΑ༷ͬͯʑ w
୯ͳΔΠλζϥ͔ΒΞΧϯτͬऔΓ·Ͱ
ະͩʹଟ͋͘Δ w 944ਖ਼͍͠ίʔυΛॻ͍͍ͯΕݩʑى͖ͳ ͍ w $43'ରࡦηΩϡϦςΟͷͨΊͷՃͷࢪࡦ w ϑϨʔϜϫʔΫͳͲͰࣗಈԽ͞Εͯͳ͍ͱ࿙ΕΔ w อޢ͖͔͢Ͳ͏͔ͷஅ͕͍͠
$43'ࣄޙରॲʹͳΓ͕ͪ w ·͋ɺͿͬͪΌ͚ܝࣔ൘ͱ͔ථͱ͔ίϝϯτ ػೳͱ͔ࣄޙରॲͰྑ͍ͱࢥ͍·͢ w ॏཁػೳ͕ಉ͡ײ֮ͰࣄޙରॲͩͱϠόΠʂ w ˠϦεΫͷߴ͍$43'ʹ͍ͭͯհ͠·͢
ΞΧϯτͬऔΓ w ةݥͳ$43'ͷදతͳͷ w ύεϫʔυมߋ͕$43'ͰՄೳ w ϝʔϧΞυϨεมߋ͕$43'ͰՄೳ
࿈ܞΞΧϯτՃ w 0"VUI TUBUFύϥϝʔλͬͯͳ͍ w ෳϓϩόΠμͷJEͰϩάΠϯ͕Մೳ w ׂͱ͋Γ͕ͪ
ωοτϫʔΫػثͷ߈ܸ w +7/ϧʔλʔ$43'ͳͲͰάάοͯΈͯͶ
͍ΖΜͳͷʹ$43'͢Δ w $43'Ͱ+40/9.-ΛૹΔ w GPSNFODUZQFUFYUQMBJOΛ͏ w IUUQJUTFDVSJUZDPODFQUTDPN DTSGPOKTPOSFRVFTUT w IUUQQFOUFTUNPOLFZOFUCMPHDTSGYNM
QPTUSFRVFTU
Ԡ༻ <form method="POST" enctype="text/plain" action="http://127.0.0.1:11211"> <textarea name="val"> set hoge 0
1000000 8 hogehoge </textarea> <input type="submit"> </form>
$43'ͰNFNDBDIFEʹॻ͖ࠐΉ <form method="POST" enctype="text/plain" action="http://127.0.0.1:11211"> <textarea name="val"> set hoge 0
1000000 8 hogehoge </textarea> <input type="submit"> </form>
͑ͬʁ w ͍͖ͳΓIUUQͷนΛӽ͑ͯߦ͖·ͨ͠Ͷ w ରԠ͍ͯ͠ͳ͍ίϚϯυແࢹ͞ΕΔ POST / HTTP/1.1 ERROR w
NFNDBDIFEQSPUPDPMͱͯ͠ղऍՄೳͳ෦ͩ ͚ධՁ͞ΕΔɻ
͍ΖΜͳͷʹ$43'͢Δ w $SPTTQSPUPDPMͳSFRVFTUGPSHFSZ w ରԠ͍ͯ͠ͳ͍ίϚϯυΛదٓແࢹͯ͘͠Εͯί ωΫγϣϯΛஅ͠ͳ͍5$1αʔόʔ w ˢ͜͏͍͏ੑ࣭ͷαʔόʔʹ$43'ͰίϚϯυ ൃߦՄೳ
࣮ݹ͔͘Β͋Δ߈ܸख๏ w )5.-'PSN1SPUPDPM"UUBDL w IUUQTXXXKPDIFOUPQGDPNIGQB w 5IJTDBOCFVTFEUPTFOEDPNNBOETUP TFSWFSTVTJOH"4$**CBTFEQSPUPDPMTMJLF
4.51 //51 101 *."1 *3$ BOEPUIFSTz w )5.-ϑΥʔϜ͔Β4.51ʹίϚϯυૹ৴
ৄ͘͠ ͜ͷຊͷষʹॻ͍ͯ͋Δ
ϒϥβଆͰͷରࡦ w $SPTT1SPUPDPMTDSJQUJOHBUUBDL w IUUQXXXBSDIJWFNP[JMMBPSHQSPKFDUTOFUMJC 1PSU#BOOJOHIUNM w Α͘ΒΕ͍ͯΔαʔϏε͕ϒϩοΫ͞Εͨ w XFMMLOPXOͰͳ͍QPSUೖͬͯͳ͍
w ϙʔτมߋͯ͠ͷӡ༻࠷ۙͷ/P42-αʔόʔͳΜ͔ อޢ͞Ε͍ͯͳ͍
αʔόʔଆͰͷରࡦ w ରԠ͍ͯ͠ͳ͍ίϚϯυ͕ૹΒΕͨΒஅ w )551͕ૹΒΕ͖ͯͨΒஅ͢Δ w ͱ͍͏࣮ͷαʔόʔ͋ΔΒ͍͠
8IBU`TOFX w ͱݱͰঢ়گ͕ҟͳ͍ͬͯΔ w ϒϥβ͔ΒϢʔβʔΞΫγϣϯແ͠ͰͷόΠφ Ϧσʔλૹ৴͕Մೳʹͳ͍ͬͯΔ w ੲϑΝΠϧΞοϓϩʔυϓϥάΠϯܦ༝͠ͳ ͚Εແཧͩͬͨ w
ࠓYISTFOE CMPC ͰՄೳ
ࡉ͔͍ w ϑΝΠϧΞοϓϩʔυ͢Δ$43' w 'MBTIͰېࢭ͞Ε͕ͨ9)3MFWFMͰΉ͠Ζॊೈʹͳ͍ͬͯΔ w 'MBTI͔Β'JMF6QMPBE૬ͷ1045ϦΫΤετ DSPTTEPNBJOYNM͕ඞཁ IUUQXXXBEPCFDPNKQEFWOFU qBTIQMBZFSBSUJDMFTGQMBZFS@TFDVSJUZ@DIBOHFTIUNM
w ϩʔΧϧϑΝΠϧΛউखʹΞοϓϩʔυˠવແཧ w NVMUJQBSUGPSNEBUBΛ$43'ˠՄೳ w $034ͷϓϦϑϥΠτର֎
όΠφϦૹΕΔΑ͏ʹ͢Δ w UFYUQMBJOͩͱόΠφϦૹΕͳ͔ͬͨΓ͢Δ ˞ૹ৴͢ΔจࣈίʔυͷൣғͰ͔͠ૹΕͳ͍ɺؒҧͬͯͨΒڭ͑ͯ w NVMUJQBSUGPSNEBUBͰϑΝΠϧૹΕॊೈʹόΠφ Ϧૹ৴Մೳˠͨͩ͠Ϣʔβʔૢ࡞͕ඞཁͩͬͨ w /&8YISTFOE
CMPC ͰόΠφϦૹΕΔΑ͏ʹɻ w ΤϥʔΛదʹແࢹͯ͘͠ΕΕ όΠφϦϓϩτί ϧͰ$43'ͰΕΔ
ͬͱѱ༻͢Δ w NFNDBDIFEʹόΠφϦσʔλΛॻ͖ࠐΉ w SFNPUFDPEFFYFDVUJPOͷFYQMPJU w ΦϒδΣΫτσγϦΞϥΠβΛ௨ͨ͡ίʔυ࣮ ߦ w EFNP
None
Կ͕ग़དྷΔ͔ w σγϦΞϥΠβΛ௨ͨ͠ҙίʔυ࣮ߦ ˠେͷݴޠͰಉ༷ͷ߈ܸख๏͕͋Δ w NFNDBDIFEͷΞυϨε͕طͩͬͨΒҙͷ ΩʔʹҙͷσʔλΛॻ͖ࠐΜͩΓ w ߈ܸ༻ͷσʔλΛૹΓࠐΊ"QQαʔόʔ্Ͱ ҙίʔυ࣮ߦΛҾ͖ى͜͢͜ͱ͕ग़དྷΔ
ύεϫʔυೝূʹΑΔରࡦ w NFNDBDIFEೝূػߏ͕ແ͍ w *1ΞυϨεΠϯλϑΣʔε੍ݶͰೝূػߏΛඋ ͍͑ͯͳ͍ϛυϧΣΞଟ͍ w ೝূ͔͚͓͚ͯ0, ˠਖ਼ղؒҧ͍
ೝূΛಥഁ͢Δ$43' w 3FEJTͩͱύεϫʔυΛ͔͚ΒΕΔ w 3FEJTͷύεϫʔυೝূ BVUINZTFDSFUQBTTXPSE TFULFZWBMVF w ͜ΜͳͷΛૹΕྑ͍͚ͩͳͷͰಥഁՄೳ
ϛυϧΣΞͷύεϫʔυ w ͔͚͓ͯ͘ʹͨ͜͜͠ͱͳ͍͕ w ෦ͷωοτϫʔΫߏͳͲ͕طʹͳΔέʔε ˠιʔείʔυઃఆใ࿙Ӯ͍ͯ͠Δ͜ͱ ఆ͖͢ w ྫ͑ୀ৬ऀ͕෦ใΛώϯτʹݱ৬ࣾһΛ ᠘ʹ͔͚ͯSFNPUFDPEFFYFDVUJPOՄೳ
$43'ͰಥഁͰ͖Δೝূ w ݁ՌͷಡΈऔΓͷඞཁ͕ͳ͍ೝূํࣜͰ͋Εɺ ύεϫʔυΛૹΓ͚ͭΔ͚ͩͳͷͰಥഁՄೳ w νϟϨϯδϨεϙϯεܗࣜͷೝূͰ͋Εಥഁ Ͱ͖ͳ͍ w $43'ͰϦΫΤετͷ݁Ռ͕ಡΊͳ͍ͷͰ
ϛυϧΣΞͷ$43'ରࡦ w "$-͋Δ͔Β҆શͱࢥͬͯ·ͤΜ͔ʁ w ωοτϫʔΫࣗମΛִ͢Δͷ͕ྑ͍ w ִ͢ΔͷͪΌΜͱִɺιʔείʔυ ύεϫʔυ͕طͳΒ߈ܸͰ͖ΔΑ͏ͳͷ ʮୀ৬ऀ͚όοΫυΞʯ
ࠓޙͷͱରࡦ w ϙʔτ੍ݶʹ͍༷͕ͭͯ໌֬Խ͞ΕΔΑ͏ ʹͳͬͨ w IUUQTGFUDITQFDXIBUXHPSHQPSU CMPDLJOH w ͔͠͠XFMMLOPXOͰͳ͍QPSUҾ͖ଓ͖ DSPTTQSPUPDPMBUUBDL͕ՄೳͰ͠ΐ͏
ࠓޙͷͱରࡦ w ෦ωοτϫʔΫ͚ͷ$43'ରࡦ w $034BOE3'$ IUUQTNJLFXFTUHJUIVCJPDPSTSGD w ϒϥβଆͰͷରࡦೖΔ͔
ྨࣅͷ w $SPTTTJUF TDSJQUJOHSFRVFTUGPSHFSZ w TJUFˠQSPUPDPMTJUFˠBQQ w *1$ͷͨΊͷϩʔΧϧαʔόʔΛ࡞ΔΞϓϦ w
ΧελϜεΩʔϜͷϦΫΤετڧ੍ w ϦΫΤετҰํతʹૹΕΔ૬ޓʹೝূ͢Δϓ ϩτίϧʹͳ͍ͬͯΔ͔֬ೝ͠·͠ΐ͏
·ͱΊ w $43'ΛͳΊ͍͚ͯͳ͍ w ʮউखʹॻ͖ࠐΈʯग़དྷΔ͚͕ͩͩ ॻ͖ࠐΈରʹΑͬͯग़དྷΔ͜ͱ͕෯͍ w DSPTTQSPUPDPMͳ$43' YISTFOE
CMPC ͰόΠφϦૹΕΔ w )5.-Ͱػೳ͕૿͑Δˠ߈ܸํ๏ϦεΫ૿Ճ
ऴΘΓ w "OZRVFTUJPOT