Upgrade to Pro — share decks privately, control downloads, hide ads and more …

バグバウンティ入門してみた /Getting started with Bug Bounty

no1zy
February 23, 2019
4.6k

バグバウンティ入門してみた /Getting started with Bug Bounty

元祖 濱せっく #2での発表資料

no1zy

February 23, 2019
Tweet

Transcript

  1. Google Dorks • site - ࢦఆ͞ΕͨυϝΠϯͷwebαΠτΛݕࡧ site:www.example.com • inurl -

    ࢦఆ͞Εͨจࣈྻ͕URLʹؚ·ΕΔ WebαΠτΛݕࡧ inurl:callback
  2. ॏ఺తʹݟΔ৔ॴ Source: • location.href • location.pathname • location.hash • location.search

    Sink: • innerHTML() • eval() • document.write() • location.replace()
  3. ใࠂॻͷߏ੒ͷྫ 1.Description - ੬ऑੑͷઆ໌ • ͲΜͳػೳ? • Ͳ͏͍ͬͨ੬ऑੑ? 2.Step to

    Reproduce - ࠶ݱखॱ • Ұૢ࡞Ұखॱ͕Θ͔Γ΍͘͢ॻ͘ίπ 3.Impact - ڴҖ • ͜ͷ੬ऑੑʹΑͬͯԿ͕৵֐͞ΕΔͷ͔Λઆ໌͢Δ
  4. όάϋϯλʔͷϒϩά΍SNSΞΧ΢ϯτ • Frans Rosén - detectify labs • bl4de -

    @_bl4de • Emad Shanab - @Alra3ees • EdOverflow - edoverflow.com • INFOSEC WRITE-UPS