Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ブラウザのUIのバグを探す / Secusoba PopUnder

Avatar for Masato Kinugawa Masato Kinugawa
November 26, 2017
Technology
2
2.2k

ブラウザのUIのバグを探す / Secusoba PopUnder

第40回セキュそば勉強会(http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29) で発表した資料です。

Avatar for Masato Kinugawa

Masato Kinugawa

November 26, 2017
Tweet

More Decks by Masato Kinugawa

See All by Masato Kinugawa
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
Avatar for Masato Kinugawa masatokinugawa
0
680
Shadow DOM & Security - Exploring the boundary between light and shadow
Avatar for Masato Kinugawa masatokinugawa
1
1.9k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
Avatar for Masato Kinugawa masatokinugawa
1
1k
注目したいクライアントサイドの脆弱性2選/ Security.Tokyo #3
Avatar for Masato Kinugawa masatokinugawa
8
4.2k
バグハンティングのすゝめ / P3NFEST
Avatar for Masato Kinugawa masatokinugawa
5
2.6k
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
Avatar for Masato Kinugawa masatokinugawa
13
21k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
Avatar for Masato Kinugawa masatokinugawa
1
23k
JSでDoSる/ Shibuya.XSS techtalk #11
Avatar for Masato Kinugawa masatokinugawa
20
7.1k
Electron: Abusing the lack of context isolation - CureCon(en)
Avatar for Masato Kinugawa masatokinugawa
5
100k

Other Decks in Technology

See All in Technology
Security Hub と出会ってから 1年半が過ぎました
Avatar for rch850 rch850
0
180
Agentic Coding 実践ワークショップ
Avatar for watany watany
40
27k
【Oracle Cloud ウェビナー】[Oracle AI Database + Azure] AI-Ready データ戦略の最短ルート:Azure AIでビジネス データの価値を最大化
Avatar for oracle4engineer oracle4engineer
PRO
2
110
Exadata Database Service ソフトウェアのアップデートとアップグレードの概要
Avatar for oracle4engineer oracle4engineer
PRO
1
1.2k
M5Stack Chain DualKey を UIFlow 2.0 + USB接続で試す / ビジュアルプログラミングIoTLT vol.22
Avatar for you(@youtoy) you
PRO
2
120
AI開発の落とし穴 〜馬には乗ってみよAIには添うてみよ〜
Avatar for SansanTech sansantech
PRO
9
3.8k
AI時代のPMに求められるのは 「Ops」と「Enablement」
Avatar for Yutaro Shimoda shimotaroo
1
330
【northernforce#54】SalesforceにおけるAgentforceの位置づけ・事例紹介
Avatar for YutoSato yutosatou_kit
0
120
一番人に近いコードレビューア CodeRabbit
Avatar for kinopee kinopeee
0
110
Claude Codeベストプラクティスまとめ
Avatar for みのるん minorun365
44
25k
書籍執筆での生成AIの活用
Avatar for Satoru Takeuchi sat
PRO
1
210
プロダクトエンジニアこそ必要なPMスキル 〜デリバリー力を最大化し、価値を届け続けるために〜
Avatar for LayerX layerx
PRO
0
130

Featured

See All Featured
BBQ
Avatar for Matthew Crist matthewcrist
89
10k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
150
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
0
97
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
800
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
9
1.1k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
220
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
1.8k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
120
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k

Transcript

  1. None
  2. None
  3. None

  4. • • •

  6. • •

  7. None

  8. • • newWin = window.open('//example.com/','w','a'); newWin.blur();//新しいウインドウのフォーカスを離す window.focus();//親にフォーカスを移す

  9. • •

  10. • https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

  11. None
  12. None
  13. None
  14. None
  15. None

  16. confirm(1);

  17. prompt(1);

  18. print();

  19. //Basic認証

  20. //外部アプリを開くプロトコルへナビゲーション location = "mms:";

  21. onbeforeunload=function(e){return 1;} //どこかへ移動しようとするとダイアログ出現

  22. new PresentationRequest("").start();

  23. new PaymentRequest([{ supportedMethods: ['basic-card'] }], { total: { label: 1,

    amount: { currency: 'USD', value: 0 } } }).show();

  24. navigator.usb.requestDevice({filters:[]});

  25. <form> <input type="email" value="a"> <button id="button"> </form> <script> button.click(); </script>

  26. • • • • • •

  27. <script> function popUnder() { new PresentationRequest("").start(); window.open("https://example.com/", "_blank","a"); setTimeout(function(){ location.reload();//リロードでダイアログを消す

    },1000); } </script> <button onclick="popUnder()">Create PopUnder</button>
  28. None

  29. • • • • • • •

  30. • • • • •

  31. • •

  32. • • •

  33. None