Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to hack metacpan.org

Avatar for mala mala
September 04, 2014
Programming
7
1.3k

How to hack metacpan.org

YAPC::Asia 2014 Reject con LT
2014-09-03
Avatar for mala

mala

September 04, 2014
Tweet

More Decks by mala

See All by mala
The Evolution of Alert & Notification System / Becks Japan #1
Avatar for mala mala
11
8.8k
TBD/Shibuya.XSS techtalk #8
Avatar for mala mala
5
2.6k
実例に学ぶXSS脆弱性の発見と修正方法/line_dm 16 20160916 how to find and fix xss
Avatar for mala mala
25
9.4k
超絶技巧CSRF / Shibuya.XSS techtalk #7
Avatar for mala mala
41
14k
SECCON2013 slide
Avatar for mala mala
14
3k

Other Decks in Programming

See All in Programming
Doma で目指す ORM 最適解
Avatar for Toshihiro Nakamura nakamura_to
1
160
技術的負債と戦略的に戦わざるを得ない場合のオブザーバビリティ活用術 / Leveraging Observability When Strategically Dealing with Technical Debt
Avatar for yoshiyoshifujii yoshiyoshifujii
0
160
【TSkaigi 2025】これは型破り?型安全? 真実はいつもひとつ!(じゃないかもしれない)TypeScript クイズ〜〜〜〜!!!!!
Avatar for Kimita Shoichi kimitashoichi
1
300
〜可視化からアクセス制御まで〜 BigQuery×Looker Studioで コスト管理とデータソース認証制御する方法
Avatar for CUEBiC Inc. cuebic9bic
1
240
eBPFを用いたAIネットワーク監視システム論文の実装 / eBPF Japan Meetup #4
Avatar for Yuuki Tsubouchi (yuuk1) yuukit
3
610
External SecretsのさくらProvider初期実装を担当しています
Avatar for logica / Takuto Nagami logica0419
0
210
バリデーションライブラリ徹底比較
Avatar for Yuta Tanaka nayuta999999
1
420
DevTalks 25 - Create your own AI-infused Java apps with ease
Avatar for Kevin Dubois kdubois
2
120
Parallel::Pipesの紹介
Avatar for Shoichi Kaji skaji
2
870
Devinで実践する!AIエージェントと協働する開発組織の作り方
Avatar for Masahiro Nishimi masahiro_nishimi
6
2.5k
バランスを見極めよう!実装の意味を明示するための型定義 TSKaigi 2025 Day2 (5/24)
Avatar for whatasoda whatasoda
2
770
事業KPIを基に価値の解像度を上げる
Avatar for Nealle nealle
0
200

Featured

See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
129
19k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
252
21k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
346
40k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
48
5.4k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.7k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
12k

Transcript

  1. )PXUPIBDL NFUBDQBOPSH NBMB

  2. :"1$ߦͬͯͳ͍

  3. ͖ΐ͏ͷςʔϚ w )PXUPIBDLNFUBDQBOPSH ! w ѱ͍ҙຯͰ

  4. NFUBDQBOPSHͰͷ SFNPUFDPEFFYFDVUJPO w िؒ΄ͲલʹใࠂpYFE w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF w NFUBDQBOPSH௚͔ͬͯΒৄࡉॻ͜͏ͱࢥͬͨΒ NJZBHBXB͞Μ͕௒଎ͰϦϦʔεͨ͠ͷͰ NFUBDQBOPSHθϩσΠެ։ঢ়ଶͩͬͨ

  5. ͝ଘ஌Ͱ͔͢ʁ 4UPSBCMFͰ ೚ҙίʔυ࣮ߦ

  6. ΦϒδΣΫτσγϦΞϥΠβ Λ௨ͨ͡ίʔυ࣮ߦ w ෳ਺ͷݴޠͰಉ༷ͷ໰୊͕ใࠂ͞Ε͍ͯΔ w ೚ҙͷΫϥεͷΦϒδΣΫτΛ෮ݩͰ͖Δ΋ͷ w 3VCZ :".- .BSTIBM

    w 1FSM 4UPSBCMF :".- 9.-

  7. $PPLJFܦ༝Ͱͷ 4UPSBCMFΦϒδΣΫτ w σγϦΞϥΠζͷλΠϛϯάͰίʔυ࣮ߦग़དྷΔ w $PPLJFʹ4UPSBCMFͰσʔλอଘ͢Δηογϣϯ Ϛωʔδϟ͕͋Δ w )."$ॺ໊ʹΑΔվ᜵๷ࢭ͕ͳ͍PS伴͕ऑ͍ PS伴͕࿙ΕΔέʔεͰDPPLJF͕վ᜵Ͱ͖Δ

    w ࡉ޻ͨ͠$PPLJFΛ࢖ͬͨ೚ҙίʔυ࣮ߦग़དྷΔ

  8. ͍͔ͭ͘ใࠂ͞Ε͍ͯΔ w SFQPSUFECZNBMB ͍͖͞Μ  w )5514FTTJPO "NPO w 1MBDL.JEEMFXBSF4FTTJPO$PPLJF

    w ೥ w 4UPSBCMFUIBXDBMMFEPODPPLJFEBUBJONVMUJQMF $1"/NPEVMFT w IUUQTFDMJTUTPSHPTTTFDR

  9. Өڹൣғ w ΦϒδΣΫτ͕෮ݩ͞ΕΔͱ͍͏͜ͱ͸ w ԿΒ͔ͷॳظԽॲཧ͕࣮ߦ͞ΕͨΓ w ഁغ͞ΕΔλΠϛϯάͰσετϥΫλ͕࣮ߦ͞ΕͨΓ w ܕม׵ͷλΠϛϯάͰԿ͔͕͓͖ͨΓ
 ʢίʔυຒΊࠐΊΔςϯϓϨʔτΤϯδϯͱ͔ʣ

    w ͦͷଞ΋Ζ΋Ζͷ༧ظ͠ͳ͍໰୊

  10. ΦϒδΣΫτσγϦΞϥΠβ ͸ةݥ w ϓϨʔϯͳϋογϡΑΓ΋༧ظ͠ͳ͍͜ͱ͕ى ͖Δ w CMFTTFEIBTIඞཁͳ͚Ε͹
 4UPSBCMFΛ࢖Θͳ͍΄͏͕͍͍

  11. +40/ʹ͢Ε͹҆શʁ w ͓͓ΉͶͦ͏ w σγϦΞϥΠζͷΈͰ໰୊͸ى͖ͳ͍ w +40/ 42-JOKFDUJPO w จࣈྻ͕དྷΔͱࢥͬͯΔՕॴʹϋογϡ΍഑ྻ

    ͕ೖΔ͜ͱͰ༧ظ͠ͳ͍ಈ࡞͕ى͜ΔՄೳੑ

  12. 4UPSBCMFͷಛච͢΂͖఺ w ೚ҙͷϞδϡʔϧͷϩʔυ͕Մೳ w PWFSMPBE͕࢖ΘΕ͍ͯΔΦϒδΣΫτΛGSFF[F͢Δͱɺ PWFSMPBEϑϥά෇͖Ͱอଘ͞ΕΔ w PWFSMPBEϑϥά͕෇͍͍ͯΔ4UPSBCMFEPDVNFOUΛ ϩʔυ͢ΔࡍʹɺಁաతʹϞδϡʔϧΛϩʔυ͢Δ w

    ຊདྷͳΒPWFSMPBE͕࢖ΘΕ͍ͯͳ͍ϞδϡʔϧͰ΋ɺ͜ ͷϑϥάΛઃఆ͢Δ͜ͱͰɺ೚ҙͷϞδϡʔϧΛϩʔυ Մೳ

  13. ͜Ε͸ط஌ͷ໰୊Ͱ͋Δ w NBTUFSJOHQFSMPSHUIFTUPSBCMF TFDVSJUZQSPCMFN w ۙ೥ʹͳͬͯEPDVNFOUʹॻ͔Εͨ w IUUQQFSMHJUQFSMPSHQFSMHJUDPNNJU GBDCCECGFEEB DFF

  14. σετϥΫλ࣮ߦ 㲈೚ҙίʔυ࣮ߦ w σετϥΫλ࣮ߦͰ͸ग़དྷΔ͜ͱ͕ݶΒΕΔ w యܕతͳͷ͸Ұ࣌ϑΝΠϧ࡟আ
 ˠ೚ҙϑΝΠϧ࡟আ w ͤΊͯϑΝΠϧॻ͖ࠐΈ͕ग़དྷΕ͹ɾɾɾ w

    ѱ༻Ͱ͖ͦ͏ͳ$1"/ϞδϡʔϧΛ୳͢

  15. ݬͷ೚ҙίʔυ࣮ߦՄೳϞδϡʔϧΛ୳ͯ͠ w σετϥΫλ಺Ͱίʔυ࣮ߦͰ͖ͦ͏ͳ΋ͷΛ୳ ͢ w FWBMTFMG\DPEF^ w PQFO ') TFMG\pMFOBNF^

     w TZTUFN FYFD EP HMPC FUD w ͦ͏ͦ͏ͳ͍Α

  16. ϑΝΠϧ΁ͷॻ͖ࠐΈ w ϑΝΠϧ΁ͷॻ͖ࠐΈ͕ग़དྷΕ͹ɺQNϑΝΠϧ Λੜ੒ͯ͠ϩʔυͯ͠΍Ε͹೚ҙίʔυ࣮ߦग़ དྷΔͷͰ͸ͳ͍͔ʁ w ࣮ࡍͷΞϓϦέʔγϣϯ͸VTFMJCͯ͠Δ͜ͱ͕ ଟ͍ MJCMPDBM 

    w ΧϨϯτσΟϨΫτϦҎԼͷϑΝΠϧʹ͋Δఔ౓ ࣗ༝ͳϑΥʔϚοτͰॻ͖ࠐΈ͕ग़དྷΕ͹ɻɻ

  17. σετϥΫλͰϑΝΠϧʹॻ͖ࠐΉ $1"/Ϟδϡʔϧ w ࣮ࡏͨ͠ w ໨HSFQ͠·ͬͯ͘ൃݟ w ࣗಈηʔϒ΍ϩάϑΝΠϧͷqVTIܥͷػೳ w QNϑΝΠϧΛੜ੒ͯ͠ϩʔυ·ͰՄೳ

    w ςϯϓϨʔτվ᜵͔Β೚ҙίʔυ࣮ߦ͕Մೳ

  18. 4UPSBCMFͰͷίʔυ࣮ߦ w ਂࠁ౓্͕͕ͬͨͱߟ͑ͯྑ͍
 જࡏత೚ҙίʔυ࣮ߦˠ࣮֬ͳ೚ҙίʔυ࣮ߦ  w ਖ਼֬ʹ͸ʮΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ࣍ୈͰ೚ ҙίʔυ࣮ߦ͕Մೳʯ w ͔ͳΓଟ͘ͷ؀ڥͰΠϯετʔϧ͞Ε͍ͯΔϞδϡʔϧ

    ͰՄೳͩͬͨ w QFSMTFDVSJUZʹใࠂ FYQMPJUެ։͕ద੾͔Ͳ͏͔૬ஊ த

  19. ·ͱΊ w 4UPSBCMF ͱ͍͏͔CMFTTFEIBTIΛ෮ݩͰ͖Δ γϦΞϥΠβ͸೚ҙίʔυ࣮ߦʹܨ͕Δةݥ͕ ͋Δ w "NPOͱ1MBDL.JEEMFXBSF4FTTJPOΛ֘౰͢ Δ࢖͍ํͯ͠Δਓ͸Ξφ΢ϯεಡΜͰରԠͯ͠Ͷɻ w

    )BQQZ)BDLJOH