Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ブラウザのUIのバグを探す / Secusoba PopUnder
Search
Masato Kinugawa
November 26, 2017
Technology
2
2.2k
ブラウザのUIのバグを探す / Secusoba PopUnder
第40回セキュそば勉強会(
http://secusoba.info/?%E7%AC%AC40%E5%9B%9E%2811%E6%9C%8825%E6%97%A5%29
) で発表した資料です。
Masato Kinugawa
November 26, 2017
Tweet
Share
More Decks by Masato Kinugawa
See All by Masato Kinugawa
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
masatokinugawa
0
530
Shadow DOM & Security - Exploring the boundary between light and shadow
masatokinugawa
1
1.6k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
870
注目したいクライアントサイドの脆弱性2選/ Security.Tokyo #3
masatokinugawa
8
4k
バグハンティングのすゝめ / P3NFEST
masatokinugawa
5
2.5k
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
masatokinugawa
13
20k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
masatokinugawa
1
22k
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
20
7k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
100k
Other Decks in Technology
See All in Technology
Findy Team+ QAチーム これからのチャレンジ!
findy_eventslides
0
300
ビズリーチ求職者検索におけるPLMとLLMの活用 / Search Engineering MEET UP_2-1
visional_engineering_and_design
1
130
Introduction to Sansan Meishi Maker Development Engineer
sansan33
PRO
0
310
Contract One Engineering Unit 紹介資料
sansan33
PRO
0
8.8k
LLMアプリの地上戦開発計画と運用実践 / 2025.10.15 GPU UNITE 2025
smiyawaki0820
1
580
プロダクトのコードから見るGoによるデザインパターンの実践 #go_night_talk
bengo4com
1
2.6k
研究開発部メンバーの働き⽅ / Sansan R&D Profile
sansan33
PRO
3
20k
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
14k
AWS Top Engineer、浮いてませんか? / As an AWS Top Engineer, Are You Out of Place?
yuj1osm
2
220
能登半島災害現場エンジニアクロストーク 【JAWS FESTA 2025 in 金沢】
ditccsugii
0
850
Wasmのエコシステムを使った ツール作成方法
askua
0
190
【Kaigi on Rails 事後勉強会LT】MeはどうしてGirlsに? 私とRubyを繋いだRail(s)
joyfrommasara
0
270
Featured
See All Featured
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Side Projects
sachag
455
43k
Imperfection Machines: The Place of Print at Facebook
scottboms
269
13k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.2k
Git: the NoSQL Database
bkeepers
PRO
431
66k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3k
Designing for Performance
lara
610
69k
Typedesign – Prime Four
hannesfritz
42
2.8k
The Straight Up "How To Draw Better" Workshop
denniskardys
238
140k
Balancing Empowerment & Direction
lara
4
690
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.2k
Transcript
None
None
None
• • •
•
• •
None
• • newWin = window.open('//example.com/','w','a'); newWin.blur();//新しいウインドウのフォーカスを離す window.focus();//親にフォーカスを移す
• •
• https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
None
None
None
None
None
confirm(1);
prompt(1);
print();
//Basic認証
//外部アプリを開くプロトコルへナビゲーション location = "mms:";
onbeforeunload=function(e){return 1;} //どこかへ移動しようとするとダイアログ出現
new PresentationRequest("").start();
new PaymentRequest([{ supportedMethods: ['basic-card'] }], { total: { label: 1,
amount: { currency: 'USD', value: 0 } } }).show();
navigator.usb.requestDevice({filters:[]});
<form> <input type="email" value="a"> <button id="button"> </form> <script> button.click(); </script>
• • • • • •
<script> function popUnder() { new PresentationRequest("").start(); window.open("https://example.com/", "_blank","a"); setTimeout(function(){ location.reload();//リロードでダイアログを消す
},1000); } </script> <button onclick="popUnder()">Create PopUnder</button>
None
• • • • • • •
• • • • •
• •
• • •
None
masatokinugawa
findy_eventslides
visional_engineering_and_design
sansan33
smiyawaki0820
bengo4com
yuj1osm
ditccsugii
askua
joyfrommasara
sonatard
keavy
sachag
scottboms
samanthasiow
bkeepers
tammyeverts
lara
hannesfritz
denniskardys
![new PaymentRequest([{ supportedMethods: ['basic-card'] }], { total: { label: 1,](https://files.speakerdeck.com/presentations/0f400b94ba0b4ab39f5e8702330e687f/slide_22.jpg){kind=link}
![navigator.usb.requestDevice({filters:[]});](https://files.speakerdeck.com/presentations/0f400b94ba0b4ab39f5e8702330e687f/slide_23.jpg){kind=link}
