Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
July 30, 2017
0
68
徳丸本輪読会
第二回4.5
mcz9mm
July 30, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.2k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1.1k
ゆるく学ぶARKit
mcz9mm
3
1.4k
What’s TCP/UDP?
mcz9mm
0
100
NATサーバーの必要性
mcz9mm
0
89
What’s New in ARKit2.0
mcz9mm
0
88
徳丸本 ログインフォーム
mcz9mm
0
99
arkit+animoji
mcz9mm
0
65
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
GraphQLの誤解/rethinking-graphql
sonatard
69
10k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
10
540
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.3k
4 Signs Your Business is Dying
shpigford
183
22k
Bash Introduction
62gerente
611
210k
Measuring & Analyzing Core Web Vitals
bluesmoon
6
260
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Docker and Python
trallard
44
3.3k
Unsuck your backbone
ammeep
669
57k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Transcript
ॏཁͳॲཧͷࡍʹࠞೖ͢Δ੬ऑੑ ಙؙձ MataraiKaoru
ॏཁͳॲཧ • ΫϨΧͷܾࡁ • ϝʔϧͷૹ৴ • ޱ࠲͔Βͷૹۚ • ύεϫʔυIDͷมߋ •
etc..
ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ CSRF ʮ֬ೝʯॲཧ͕ൈ͚͍ͯΔ͚ͩͰউखʹ࣮ߦ͞ ͤΒΕΔةݥੑ͕͋Δ ॏཁͳॲཧͷѱ༻ʹݶΔͷͰඃʹ͋ͬͨར༻ ऀͷݸਓใ౪Ή͜ͱͰ͖ͳ͍
ൃੜՕॴ • CookieͷΈͰηογϣϯཧ͕ߦΘΕ͍ͯΔα Πτ • HTTPೝূɺSSLΫϥΠΞϯτূ໌ॻɺܞଳి ͷIDͷΈͰར༻ऀͷࣝผ͕ߦΘΕ͍ͯΔαΠτ
࣮ߦύλʔϯ • ར༻ऀ͕ରͷαΠτʹϩάΠϯ͍ͯ͠Δ • ߈ܸऀ͕᠘Λ༻ҙ͢Δ • ඃऀ͕᠘ΛӾཡ͢Δ • ᠘ͷJSʹΑΓαΠτʹର͠ɺ৽͍͠ύεϫʔ υ͕POSTϝιουͰૹ৴͞Ε͍ͯΔ
XSSͱͷൺֱ • ઃܭஈ֊ͰରࡦΛΓࠐΉඞཁ͕͋Δ • ೝ͕XSSʹൺ͍ͯ
෦ωοτϫʔΫʹର͢ΔCSRD߈ܸ • WebαΠτ͚ͩͰͳ͘෦ωοτϫʔΫʹ ଓ͞Εͨαʔόʔ߈ܸՄೳ • ϧʔλʔϑΝΠΞʔΥʔϧͷઃఆը໘ ੬ऑੑͷՄೳੑ͕
੬ऑੑ͕ੜ·ΕΔݪҼ Webͷੑ࣭Λར༻ͨ͠ͷ • fromཁૉͷactionଐੑʹͲͷυϝΠϯURL ͰࢦఆͰ͖Δ • Cookieʹอ͞ΕͨηογϣϯIDɺରα Πτʹࣗಈతʹૹ৴͞ΕΔ
ҙਤͨ͠HTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://example.jp/45/45-002.php ~~~~~~~~~~~~ pwd=pass1 ※ϦϑΝϥΛࢀর͢Δ͜ͱͰɺͲ͔͜Βͦͷϖʔδʹཁٻ͕དྷͨͷ͔ΛΔ ͜ͱ͕Ͱ͖Δ
CSRF߈ܸʹΑΔHTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://trap.example.jp/45/45-900.php ~~~~~~~~~~~~ pwd=pass1
ରࡦͦͷ̍ • CSRFରࡦʹඞཁͳϖʔδΛѲ͢Δ ΧʔτʹՃ ೝূ ॅॴ֬ೝ ߪೖ֬ೝ ҙͷϖʔδ ݸਓใฤू
ใ֬ೝ มߋ
ରࡦͦͷ̎ • ਖ਼نར༻ऀͷҙਤͨ͠ϦΫΤετͰ͋Δ͜ͱΛ ֬ೝ͢Δ • ֬ೝํ๏ • τʔΫϯͷຒΊࠐΈ • ύεϫʔυ࠶ೖྗ
• RefererͷνΣοΫ
τʔΫϯͷຒΊࠐΈ • ୈࡾऀ͕Γಘͳ͍ൿີใΛཁٻ͢ΔΑ͏ʹ͢ΕผՄೳ ຒΊࠐΈɿ <input type=“hidden” name=“token” value”<?php echo htmlspecialchars(session_id(),
ENT_COMPAT, ‘UTF-8’); ?>”> ֬ೝɿ if (session_id() !== $_POST[‘token’]) { //Error Handle }
ύεϫʔυͷ࠶ೖྗ • ͷߪೖͳͲʹઌཱͬͯɺར༻ऀͷҙࢥΛ ೦ԡͯ֬͠͠ೝ͢Δ • ڞ༗PCͰଞਓ͕ૢ࡞͍ͯ͠ΔΘ͚Ͱͳ͘ɺ ຊʹਖ਼نͷར༻ऀͰ͋Δ͜ͱΛ֬ೝ͢Δ ্هҎ֎ͷϖʔδঢ়گͰߦ͏ͱඇৗʹ͍ʹ͍͘αΠτʹɾɾɾ
RefererͷνΣοΫ /* ࢀরݩʹΑͬͯৼΓ͚ॲཧ */ $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
null; if (preg_match("|^https?://[a-zA-Z0-9-]+\.hoge\.jp|", $referer)) { // "xxx.hoge.jp" αΠτ͔ΒͷΞΫηε࣌ͷॲཧɻ } else { /* ΞΫηε࣌ͷॲཧ */ }
อݥతͳରࡦ ରͷར༻ऀʹରͯ͠ॲཧ༰ͷ௨ϝʔϧͷ ૹ৴
End