Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ブラウザのUIのバグを探す / Secusoba PopUnder

Masato Kinugawa
November 26, 2017
Technology
2
1.6k

ブラウザのUIのバグを探す / Secusoba PopUnder

第40回セキュそば勉強会(http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29) で発表した資料です。

Masato Kinugawa

November 26, 2017
Tweet

More Decks by Masato Kinugawa

See All by Masato Kinugawa
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
21
5.6k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
81k
Electron: Context Isolationの欠如を利用した任意コード実行 / Electron: Abusing the lack of context isolation - CureCon(ja)
masatokinugawa
9
17k
バグハンターが見てきたBug Bountyの7年 / LINE Developer Meetup #34 Security Bug Bounty
masatokinugawa
18
11k
5文字で書くJavaScript/ Shibuya.XSS techtalk #10
masatokinugawa
35
18k
攻撃者視点で見る Service Worker / PWA Study SW
masatokinugawa
20
23k
USAGE OF XSS FILTER
masatokinugawa
4
2.4k
XSSフィルターの使い方/ Shibuya.XSS techtalk #9
masatokinugawa
7
2.5k
XSS Attacks through PATH
masatokinugawa
8
16k

Other Decks in Technology

See All in Technology
フレームワークのソースコードから知識を深める
weistom
0
290
e-RT3 PlusでRclexをいごかしてみる
takasehideki
1
440
IIJmio meeting 33 IIJmio 2022年夏のおすすめ端末
iij_techlog
0
2.2k
Drivemode 会社資料 (採用向け) - We are hiring!
drivemode
0
120
コミュニティを活用した勉強習慣化.pdf
taketakekaho
1
200
Azure Container Apps で .NET 7 アプリを Blue-Green デプロイしてみよう!/jazug12
thara0402
0
120
PharmaX Company Deck
pharma_x
0
1.4k
220914_ガンダム初学者が色々考えてみた_株式会社コミュカル Mitz
comucal
PRO
0
320
SwiftUIのハマりどころとその回避策/ iOSDC_otsuka
recruitengineers
PRO
1
650
Effective PencilKit / 新聞スクラップ体験の実現
shimastripe
3
110
続CPUとは何か / What is a CPU continued
tomzoh
1
210
Apache Sedona (incubating) を用いたクラウド上での大規模地理データの処理
sekikn
PRO
0
240

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
56
6.5k
Why Our Code Smells
bkeepers
PRO
324
55k
Debugging Ruby Performance
tmm1
66
10k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
237
19k
Intergalactic Javascript Robots from Outer Space
tanoku
259
25k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6k
Why You Should Never Use an ORM
jnunemaker
PRO
48
7.7k
Fantastic passwords and where to find them - at NoRuKo
philnash
29
1.7k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
12
970
Build your cross-platform service in a week with App Engine
jlugia
220
17k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
18
4.1k
Thoughts on Productivity
jonyablonski
45
2.5k

Transcript

  1. None
  2. None
  3. None

  4. • • •

  6. • •

  7. None

  8. • • newWin = window.open('//example.com/','w','a'); newWin.blur();//新しいウインドウのフォーカスを離す window.focus();//親にフォーカスを移す

  9. • •

  10. • https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

  11. None
  12. None
  13. None
  14. None
  15. None

  16. confirm(1);

  17. prompt(1);

  18. print();

  19. //Basic認証

  20. //外部アプリを開くプロトコルへナビゲーション location = "mms:";

  21. onbeforeunload=function(e){return 1;} //どこかへ移動しようとするとダイアログ出現

  22. new PresentationRequest("").start();

  23. new PaymentRequest([{ supportedMethods: ['basic-card'] }], { total: { label: 1,

    amount: { currency: 'USD', value: 0 } } }).show();

  24. navigator.usb.requestDevice({filters:[]});

  25. <form> <input type="email" value="a"> <button id="button"> </form> <script> button.click(); </script>

  26. • • • • • •

  27. <script> function popUnder() { new PresentationRequest("").start(); window.open("https://example.com/", "_blank","a"); setTimeout(function(){ location.reload();//リロードでダイアログを消す

    },1000); } </script> <button onclick="popUnder()">Create PopUnder</button>
  28. None

  29. • • • • • • •

  30. • • • • •

  31. • •

  32. • • •

  33. None