Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ブラウザのUIのバグを探す / Secusoba PopUnder

Avatar for Masato Kinugawa Masato Kinugawa
November 26, 2017
Technology
2
2.2k

ブラウザのUIのバグを探す / Secusoba PopUnder

第40回セキュそば勉強会(http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29) で発表した資料です。

Avatar for Masato Kinugawa

Masato Kinugawa

November 26, 2017
Tweet

More Decks by Masato Kinugawa

See All by Masato Kinugawa
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
Avatar for Masato Kinugawa masatokinugawa
0
490
Shadow DOM & Security - Exploring the boundary between light and shadow
Avatar for Masato Kinugawa masatokinugawa
1
1.6k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
Avatar for Masato Kinugawa masatokinugawa
1
860
注目したいクライアントサイドの脆弱性2選/ Security.Tokyo #3
Avatar for Masato Kinugawa masatokinugawa
8
4k
バグハンティングのすゝめ / P3NFEST
Avatar for Masato Kinugawa masatokinugawa
5
2.5k
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
Avatar for Masato Kinugawa masatokinugawa
13
20k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
Avatar for Masato Kinugawa masatokinugawa
1
22k
JSでDoSる/ Shibuya.XSS techtalk #11
Avatar for Masato Kinugawa masatokinugawa
20
7k
Electron: Abusing the lack of context isolation - CureCon(en)
Avatar for Masato Kinugawa masatokinugawa
5
100k

Other Decks in Technology

See All in Technology
非エンジニアのあなたもできる&もうやってる!コンテキストエンジニアリング
Avatar for ファインディ株式会社(イベント資料アップ用) findy_eventslides
3
880
OpenAI gpt-oss ファインチューニング入門
Avatar for kmotohas kmotohas
2
860
「AI駆動PO」を考えてみる - 作る速さから価値のスループットへ:検査・適応で未来を開発 / AI-driven product owner. scrummat2025
Avatar for yosuke nagai yosuke_nagai
2
500
成長自己責任時代のあるきかた/How to navigate the era of personal responsibility for growth
Avatar for Hiromu Shioya kwappa
3
230
Railsアプリケーション開発者のためのブックガイド
Avatar for Masayoshi Takahashi takahashim
14
6k
20250929_QaaS_vol20
Avatar for Shin Murakami mura_shin
0
110
analysis パッケージの仕組みの上でMulti linter with configを実現する / Go Conference 2025
Avatar for Ken’ichiro Oyama k1low
1
260
Optuna DashboardにおけるPLaMo2連携機能の紹介 / PFN LLM セミナー
Avatar for Preferred Networks pfn
PRO
1
830
Findy Team+のSOC2取得までの道のり
Avatar for adachi.ryo rvirus0817
0
300
組織観点から IAM Identity CenterとIAMの設計を考える
Avatar for NRI Netcom nrinetcom
PRO
1
150
Escaping_the_Kraken_-_October_2025.pdf
Avatar for Maarten Dalmijn mdalmijn
0
110
ZOZOのAI活用実践〜社内基盤からサービス応用まで〜
Avatar for ZOZO Developers zozotech
PRO
0
150

Featured

See All Featured
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
29
5.5k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
30
2.9k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
71
11k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
4
670
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
70
4.9k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.9k
Designing for humans not robots
Avatar for Tammie Lister tammielis
254
25k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.6k

Transcript

  1. None
  2. None
  3. None

  4. • • •

  6. • •

  7. None

  8. • • newWin = window.open('//example.com/','w','a'); newWin.blur();//新しいウインドウのフォーカスを離す window.focus();//親にフォーカスを移す

  9. • •

  10. • https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w

  11. None
  12. None
  13. None
  14. None
  15. None

  16. confirm(1);

  17. prompt(1);

  18. print();

  19. //Basic認証

  20. //外部アプリを開くプロトコルへナビゲーション location = "mms:";

  21. onbeforeunload=function(e){return 1;} //どこかへ移動しようとするとダイアログ出現

  22. new PresentationRequest("").start();

  23. new PaymentRequest([{ supportedMethods: ['basic-card'] }], { total: { label: 1,

    amount: { currency: 'USD', value: 0 } } }).show();

  24. navigator.usb.requestDevice({filters:[]});

  25. <form> <input type="email" value="a"> <button id="button"> </form> <script> button.click(); </script>

  26. • • • • • •

  27. <script> function popUnder() { new PresentationRequest("").start(); window.open("https://example.com/", "_blank","a"); setTimeout(function(){ location.reload();//リロードでダイアログを消す

    },1000); } </script> <button onclick="popUnder()">Create PopUnder</button>
  28. None

  29. • • • • • • •

  30. • • • • •

  31. • •

  32. • • •

  33. None