Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Are you content with our current attacks on Con...
Search
GMO Flatt Security
August 05, 2024
2
350
Are you content with our current attacks on Content-Type?
A presentation for BSides Las Vegas 2024.
GMO Flatt Security
August 05, 2024
Tweet
Share
More Decks by GMO Flatt Security
See All by GMO Flatt Security
アプリケーション固有の「ロジックの脆弱性」を防ぐ開発者のためのセキュリティ観点
flatt_security
40
16k
開発組織のための セキュアコーディング研修の始め方
flatt_security
5
3.6k
GMO Flatt SecurityにおけるKubernetesセキュリティ診断について
flatt_security
0
110
Flatt Security XSS Challenge 解答・解説
flatt_security
0
1.8k
GMO Flatt Security 会社紹介資料
flatt_security
0
10k
codeblue_2024_opentalks.pdf
flatt_security
0
120
開発生産性をむしろ向上させる セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
1.1k
XSS using dirty Content Type in cloud era
flatt_security
2
16k
「企画力」次第でテックブログのネタは尽きない / How to plan a tech blog
flatt_security
3
710
Featured
See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Making Projects Easy
brettharned
116
6.1k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
GraphQLの誤解/rethinking-graphql
sonatard
71
10k
How to Think Like a Performance Engineer
csswizardry
23
1.5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
32
5.4k
It's Worth the Effort
3n
184
28k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.2k
Navigating Team Friction
lara
184
15k
Why Our Code Smells
bkeepers
PRO
336
57k
Transcript
"SFZPVDPOUFOUXJUIPVSDVSSFOU BUUBDLTPO$POUFOU5ZQF B[BSB !B@[BSB@O FJ !FJ 'MBUU4FDVSJUZJOD
6OFYQFDUFEQBUIGSPN)551SFTQPOTF VOFYQFDUFEBUUBDLQBUI
4FMGJOUSPEVDUJPOFJ &JKJ.PSJFJ 9!FJ 'MBUU4FDVSJUZJOD .VTDMF#SBJO
/PSJIJEF4BJUPB[BSB 9!B@[BSB@O 'MBUU4FDVSJUZJOD 4FMGJOUSPEVDUJPOB[BSB IUUQTNJTDB[BSBKQ3&"%.&
5PQJDT
8IBUJT$POUFOU5ZQF 0MEBUUBDLQBUIJO)551SFTQPOTF /FXBUUBDLQBUIJO)551SFTQPOTF #VH#PVOUZQSPHSBNSFTFBSDI 044SFTFBSDI .JUJHBUJPOT 5PQJDT
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
8IBUJT$POUFOU5ZQF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF &YUFOTJPO QOHKQH $POUFOU5ZQF JNBHFQOHJNBHFKQH .BHJDCZUF
0MEBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB
8IBUJT0CKFDU4UPSBHF %BUB .FUBEBUB $POUFOU5ZQF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF 'PSHPUWBMJEBUJPO
/FXBUUBDLQBUIJO)551SFTQPOTF
/FXBUUBDLQBUIJO)551SFTQPOTF
#VH#PVOUZQSPHSBNSFTFBSDI
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PWBMJEBUJPO
%JTDPWFSZJO#VH#PVOUZQSPHSBN /PUVTJOH4
%JTDPWFSZJO#VH#PVOUZQSPHSBN "DDVSBUFWBMJEBUJPO
044SFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO
$PEFTFBSDI /PWBMJEBUJPOPSMBYWBMJEBUJPO 😨
/PWBMJEBUJPO
/PWBMJEBUJPOJO)551SFRVFTU
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 6TFEJSFDUWBMVFT
/PWBMJEBUJPO&YBNQMF
/PWBMJEBUJPO&YBNQMF 7BMJEBUJPO GSPOUFOEPOMZ
/PWBMJEBUJPO&YBNQMF 6QMPBE UFYUIUNM
/PWBMJEBUJPOJO)551SFTQPOTF
/PWBMJEBUJPO /PWBMJEBUJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO
/PWBMJEBUJPO74$PEF&YUFOTJPO (FU UFYUIUNM
7BMJEBUJPOCZQBTT
7BMJEBUJPOCZQBTTJO)551SFRVFTU
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
#ZQBTTQBUUFSOT Code Implementations Bypass Examples startsWith(“image/png”) image/png, text/html endsWith(“image/png”)
text/html; image/png /^image\/png/ image/png, text/html includes(“image/png”) text/html; image/png
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7&
7BMJEBUJPOCZQBTT$7& #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTTJO)551SFTQPOTF
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT -BYWBMJEBUJPO
7BMJEBUJPOCZQBTT&MFDUSPO
7BMJEBUJPOCZQBTT&MFDUSPO #ZQBTT JNBHFQOH UFYUIUNM
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO
7BMJEBUJPOCZQBTT$ISPNF&YUFOTJPO #ZQBTT UFYUIUNMQEG
.JUJHBUJPOT
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
4FDVSJUZNFBTVSFTJOJNQMFNFOUBUJPO z
5IBOLZPVWFSZNVDIGPSMJTUFOJOH
3FGFSFODFT
◦ "NB[PO4 ◦ IUUQTBXTBNB[PODPNKQT ◦ #MBDL'BODPOUFOUUZQFSFTFBSDI ◦ IUUQTHJUIVCDPN#MBDL'BODPOUFOUUZQFSFTFBSDICMPC NBTUFS944NE ◦
$BSSJFSXBWF ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF ◦ $7& ◦ IUUQTHJUIVCDPNDBSSJFSXBWFVQMPBEFSDBSSJFSXBWF TFDVSJUZBEWJTPSJFT()4"HYIYHGRIK 3FGFSFODF
23DPEF IUUQTTQFBLFSEFDLDPNGMBUU@TFDVSJUZBSFZPVDPOUFOUXJUIPVSDVSSFOUBUUBDLTPODPOUFOUUZQF
#ZQBTTUFDIOJRVF IUUQTCTJEFTUPLZPFOYTTVTJOHEJSUZDPOUFOUUZQFJODMPVEFSB
'"2
9445ISFBUT 4UPSFE944
&TTFOUJBM5IJOHT /PWBMJEBUJPO