Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
July 30, 2017
0
68
徳丸本輪読会
第二回4.5
mcz9mm
July 30, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.2k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1.1k
ゆるく学ぶARKit
mcz9mm
3
1.4k
What’s TCP/UDP?
mcz9mm
0
100
NATサーバーの必要性
mcz9mm
0
87
What’s New in ARKit2.0
mcz9mm
0
87
徳丸本 ログインフォーム
mcz9mm
0
98
arkit+animoji
mcz9mm
0
64
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Unsuck your backbone
ammeep
669
57k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
The Language of Interfaces
destraynor
156
24k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Building Your Own Lightsaber
phodgson
104
6.2k
GitHub's CSS Performance
jonrohan
1030
460k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
Side Projects
sachag
452
42k
Practical Orchestrator
shlominoach
186
10k
Transcript
ॏཁͳॲཧͷࡍʹࠞೖ͢Δ੬ऑੑ ಙؙձ MataraiKaoru
ॏཁͳॲཧ • ΫϨΧͷܾࡁ • ϝʔϧͷૹ৴ • ޱ࠲͔Βͷૹۚ • ύεϫʔυIDͷมߋ •
etc..
ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ CSRF ʮ֬ೝʯॲཧ͕ൈ͚͍ͯΔ͚ͩͰউखʹ࣮ߦ͞ ͤΒΕΔةݥੑ͕͋Δ ॏཁͳॲཧͷѱ༻ʹݶΔͷͰඃʹ͋ͬͨར༻ ऀͷݸਓใ౪Ή͜ͱͰ͖ͳ͍
ൃੜՕॴ • CookieͷΈͰηογϣϯཧ͕ߦΘΕ͍ͯΔα Πτ • HTTPೝূɺSSLΫϥΠΞϯτূ໌ॻɺܞଳి ͷIDͷΈͰར༻ऀͷࣝผ͕ߦΘΕ͍ͯΔαΠτ
࣮ߦύλʔϯ • ར༻ऀ͕ରͷαΠτʹϩάΠϯ͍ͯ͠Δ • ߈ܸऀ͕᠘Λ༻ҙ͢Δ • ඃऀ͕᠘ΛӾཡ͢Δ • ᠘ͷJSʹΑΓαΠτʹର͠ɺ৽͍͠ύεϫʔ υ͕POSTϝιουͰૹ৴͞Ε͍ͯΔ
XSSͱͷൺֱ • ઃܭஈ֊ͰରࡦΛΓࠐΉඞཁ͕͋Δ • ೝ͕XSSʹൺ͍ͯ
෦ωοτϫʔΫʹର͢ΔCSRD߈ܸ • WebαΠτ͚ͩͰͳ͘෦ωοτϫʔΫʹ ଓ͞Εͨαʔόʔ߈ܸՄೳ • ϧʔλʔϑΝΠΞʔΥʔϧͷઃఆը໘ ੬ऑੑͷՄೳੑ͕
੬ऑੑ͕ੜ·ΕΔݪҼ Webͷੑ࣭Λར༻ͨ͠ͷ • fromཁૉͷactionଐੑʹͲͷυϝΠϯURL ͰࢦఆͰ͖Δ • Cookieʹอ͞ΕͨηογϣϯIDɺରα Πτʹࣗಈతʹૹ৴͞ΕΔ
ҙਤͨ͠HTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://example.jp/45/45-002.php ~~~~~~~~~~~~ pwd=pass1 ※ϦϑΝϥΛࢀর͢Δ͜ͱͰɺͲ͔͜Βͦͷϖʔδʹཁٻ͕དྷͨͷ͔ΛΔ ͜ͱ͕Ͱ͖Δ
CSRF߈ܸʹΑΔHTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://trap.example.jp/45/45-900.php ~~~~~~~~~~~~ pwd=pass1
ରࡦͦͷ̍ • CSRFରࡦʹඞཁͳϖʔδΛѲ͢Δ ΧʔτʹՃ ೝূ ॅॴ֬ೝ ߪೖ֬ೝ ҙͷϖʔδ ݸਓใฤू
ใ֬ೝ มߋ
ରࡦͦͷ̎ • ਖ਼نར༻ऀͷҙਤͨ͠ϦΫΤετͰ͋Δ͜ͱΛ ֬ೝ͢Δ • ֬ೝํ๏ • τʔΫϯͷຒΊࠐΈ • ύεϫʔυ࠶ೖྗ
• RefererͷνΣοΫ
τʔΫϯͷຒΊࠐΈ • ୈࡾऀ͕Γಘͳ͍ൿີใΛཁٻ͢ΔΑ͏ʹ͢ΕผՄೳ ຒΊࠐΈɿ <input type=“hidden” name=“token” value”<?php echo htmlspecialchars(session_id(),
ENT_COMPAT, ‘UTF-8’); ?>”> ֬ೝɿ if (session_id() !== $_POST[‘token’]) { //Error Handle }
ύεϫʔυͷ࠶ೖྗ • ͷߪೖͳͲʹઌཱͬͯɺར༻ऀͷҙࢥΛ ೦ԡͯ֬͠͠ೝ͢Δ • ڞ༗PCͰଞਓ͕ૢ࡞͍ͯ͠ΔΘ͚Ͱͳ͘ɺ ຊʹਖ਼نͷར༻ऀͰ͋Δ͜ͱΛ֬ೝ͢Δ ্هҎ֎ͷϖʔδঢ়گͰߦ͏ͱඇৗʹ͍ʹ͍͘αΠτʹɾɾɾ
RefererͷνΣοΫ /* ࢀরݩʹΑͬͯৼΓ͚ॲཧ */ $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
null; if (preg_match("|^https?://[a-zA-Z0-9-]+\.hoge\.jp|", $referer)) { // "xxx.hoge.jp" αΠτ͔ΒͷΞΫηε࣌ͷॲཧɻ } else { /* ΞΫηε࣌ͷॲཧ */ }
อݥతͳରࡦ ରͷར༻ऀʹରͯ͠ॲཧ༰ͷ௨ϝʔϧͷ ૹ৴
End