hatena-diary-blog-xss

Transcript

1. μΠΞϦʔͱϒϩάͱ 944 גࣜձࣾ͸ͯͳ 
   JEPOJTIJ !4IJCVZB944
   JO
   0TBLB

2. ࣗݾ঺հ wJEPOJTIJ
   
   େ੢߁༟ wגࣜձࣾ͸ͯͳ wνʔϑΤϯδχΞ
   w͸ͯͳϒϩά
   σΟϨΫλʔ

3. ͸ͯͳͱݴ͑͹944

4. ͸ͯͳφ΢

5. ͸ͯͳφ΢

6. ͸ͯͳͱ944 wਓྗݕࡧ͸ͯͳ
   
   
   
   
   
   
   RIBUFOBOFKQ w͸ͯͳΞϯςφ
   
   
   
   
   
   
   BIBUFOBOFKQ w͸ͯͳμΠΞϦʔ
   
   
   
   EIBUFOBOFKQ w͸ͯͳϒοΫϚʔΫ
   CIBUFOBOFKQ

7. ͸ͯͳͱ944 wಉҰυϝΠϯɾಉҰΫοΩʔʹΑΔ Ϣʔβʔೝূ wΫοΩʔΛୣΘΕͨΒηογϣϯϋ ΠδϟοΫ͞ΕಘΔ

8. ͸ͯͳμΠΞϦʔ w೥ϦϦʔεͷϒϩάαʔϏε w؅ཧը໘ͱϒϩάը໘͕ಉҰυϝΠϯ wϒϩάαʔϏε
   ˠ
   Ϣʔβʔίϯςϯπ

9. ͦͷ৔ฤू 

10. ͦͷ৔ฤू 

11. Ϣʔβʔίϯςϯπ w޷͖ͳ͜ͱΛॻ͖͍ͨ
    w޷͖ͳσβΠϯʹ͍ͨ͠ w޷͖ͳϒϩάύʔπΛ࢖͍͍ͨ

12. Ϣʔβʔརศੑͱ ҆શੑͷཱ྆

13. Ϣʔβʔίϯςϯπ w޷͖ͳ͜ͱΛॻ͖͍ͨ
    ˠ
    )5.-
    944 w޷͖ͳσβΠϯʹ͍ͨ͠
    ˠ
    $44
    944 w޷͖ͳϒϩάύʔπΛ࢖͍͍ͨ
    ˠ
    ººº

14. )5.-
    ͷ
    944
    ରࡦ wར༻Մೳཁૉ wར༻Մೳଐੑ wελΠϧཁૉ wΠϯϥΠϯ$44

15. ஫ҙ͢΂͖ཁૉ wTDSJQU wPCKFDU wFNCFE wJGSBNF wTUZMF w

16. ஫ҙ͢΂͖ଐੑ wΠϕϯτϋϯυϥ
    PODMJDL
    PO wKBWBTDSJQUεΩʔϚ͕ॻ͚Δཁૉ wISFG
    TSD
    DJUF
     wTUZMF wޙड़

17. ͸ͯͳμΠΞϦʔͷ944ରࡦ wར༻Մೳཁૉ
    ˠ
    ϗϫΠτϦετܗࣜ wར༻Մೳଐੑ
    ˠ
    ϗϫΠτϦετܗࣜ wಛఆͷཁૉɾଐੑ
    ˠ
    ઐ༻ͷରࡦ wεΩʔϜରࡦ wελΠϧରࡦ

18. $44ͷ944ରࡦ wFYQSFTTJPO
    ରࡦ w!JNQPSU
    ରࡦ

19. FYQSFTTJPO color: expression( error ? 'red' : 'blue');

20. FYQSFTTJPO
    
    ίϝϯτ expr/* ίϝϯτ */ession

21. FYQSFTTJPO
    
    ίʔυϙΠϯτ \0065xpression

22. FYQSFTTJPO
    
    શ֯ ̴̴̸͇̿́͂͂̾̽

23. FYQSFTTJPO
    
    ਺஋จࣈ <p style="{ color: &#x65;xpression('blue') }">

24. FYQSFTTJPO
    
    ҟମ expressio\207f expressioⁿ ˣ

25. !JNQPSU w!JNQPSU
    ઌΛల։͢Δ w!JNQPS
    !JNQP
    !JNQ
    !JN
    !J

26. ϒϩάύʔπͷ944ରࡦ wϗϫΠτϦετܗࣜ wIUUQTNFUBDQBOPSHSFMFBTF )5.-8JEHFU7BMJEBUPS

27. ϒϩάύʔπͷ944ରࡦ wϒϩάόʔπࣗ਎ʹ੬ऑੑ͕͋Δ wυϝΠϯࣦޮ
    ˠ
    ѱҙΛ࣋ͬͨ+4࣮ߦ

28. 944ରࡦ
    ৄ͘͠͸ wϔϧϓ
    
    ͸ͯͳμΠΞϦʔ944ରࡦ wIUUQIBUFOBEJBSZHIBUFOBOFKQ LFZXPSE͸ͯͳμΠΞϦʔ944ରࡦ

29. ͸ͯͳͱݴ͑͹944

30. None

31. ͸ͯͳϒϩά w
    ϦϦʔε wIUUQIBUFOBCMPHDPN w IBUFOBOFKQ
    ͡Όͳ͍ॳͷຊαʔϏε w+4ϑϦʔ

32. ϔομͷJGSBNFԽ iframe blog.hatena.ne.jp onishi.hatenablog.com

33. ͦͷ৔ฤू 

34. ͦͷ৔ฤू 

35. ΫϩευϝΠϯ௨৴  wXJOEPXQPTU.FTTBHF w΢Οϯυ΢ ϑϨʔϜ ؒͰϝοηʔδͷ ૹड৴Λߦ͏ͨΊͷ࢓૊Έ // message Πϕϯτ؂ࢹ

    window.addEventListener(“message”, function() {...}, false); // message ૹ৴ window.postMessage(data, “targetOrigin”);

36. ΫϩευϝΠϯ௨৴  wQPTU.FTTBHFඇରԠϒϥ΢β ݹ͍*& wMPDBUJPOIBTI
    ʹΑΔυϝΠϯؒ௨৴ wϑϨʔϜͷ
    MPDBUJPOIBTI
    ॻ͖׵͑ wϑϨʔϜ಺͸
    MPDBUJPOIBTI
    ͷมԽ Λ؂ࢹ w5$1෩σʔλ௨৴ w63-௕੍ݶ

    *&ͰόΠτ ʹΑΔύ έοτ෼ׂ

37. ΫϩευϝΠϯ௨৴ͷར༻ wͦͷ৔ฤू wӾཡऀͷฤूݖݶ֬ೝ
    w͸ͯͳελʔ wίϝϯτ w௨஌ wϑΟʔυόοΫϑΥʔϜ

38. αʔυύʔςΟ$PPLJF wJGSBNF
    ΍
    TDSJQU
    ཁૉͰຒΊࠐ·Εͨ ֎෦Ϧιʔεʹ$PPLJFΛૹ৴͢Δ͔ w'JSFGPY
    
    ͔Β
    σϑΥϧτ0'' wJGSBNFʹΑΔΫϩευϝΠϯ௨৴͕࢖ ͑ͳ͍

39. αʔυύʔςΟ$PPLJF
    0''
    ରࡦ wCMPHIBUFOBOFKQ
    υϝΠϯͷ
    "1*
    Ξ Ϋηε
    DPPLJF
    ૹ৴͋Δ͔νΣοΫ wJGSBNF
    ͔Β
    XJOEPXPQFO
    ʹ͢Δ wϢʔβʔ৘ใ͕औΕͳ͍ͷͰ୅ସ৘ ใΛදࣔ͢Δ

40. JGSBNF

41. JGSBNF

42. XJOEPXPQFO

43. ୅ସϔομ

44. ΞΫηείϯτϩʔϧ wϒϩάͷ͸ϓϥΠϕʔτ wೝূͷ࢓૊ΈͷෳࡶԽ w֎෦ͷιʔγϟϧάϥϑೝূ wηογϣϯϋΠδϟοΫ๷ࢭ wϒϩάຖʹผυϝΠϯ wผϢʔβʔʹ࿙Εͯ΋ͳΔ΂͘໰୊ͳ͍ wηογϣϯຖʹ%#ΞΫηε͠ͳ͍

45. ΞΫηείϯτϩʔϧ  ॳճΞΫηε࣌ͷΈೝূػ͕ؔ %#ΛҾ͘  UPLFO෇ͰϒϩάʹϦμΠϨΫτ  ϒϩάຖʹӾཡ༻DPPLJFΛൃߦ  ΞΫηε࣌ʹ͸DPPLJFͷଥ౰ੑ

    ݕূͷΈ ೝূػؔ .hatena.ne.jp ϒϩά anydomain Ϣʔβʔ

46. ΞΫηείϯτϩʔϧ   ॳճΞΫηε࣌ͷΈೝূػ͕ؔ %#ΛҾ͘ UPLFO෇ͰϒϩάʹϦμΠϨΫτ  ϒϩάຖʹӾཡ༻DPPLJFΛൃߦ  ΞΫηε࣌ʹ͸DPPLJFͷଥ౰ੑ

    ݕূͷΈ ೝূػؔ .hatena.ne.jp ϒϩά anydomain Ϣʔβʔ UPLFO

47. ΞΫηείϯτϩʔϧ   ॳճΞΫηε࣌ͷΈೝূػ͕ؔ %#ΛҾ͘  UPLFO෇ͰϒϩάʹϦμΠϨΫτ ϒϩάຖʹӾཡ༻DPPLJFΛൃߦ  ΞΫηε࣌ʹ͸DPPLJFͷଥ౰ੑ

    ݕূͷΈ ೝূػؔ .hatena.ne.jp ϒϩά anydomain Ϣʔβʔ DPPLJF

48. ΞΫηείϯτϩʔϧ   ॳճΞΫηε࣌ͷΈೝূػ͕ؔ %#ΛҾ͘  UPLFO෇ͰϒϩάʹϦμΠϨΫτ  ϒϩάຖʹӾཡ༻DPPLJFΛൃߦ ΞΫηε࣌ʹ͸DPPLJFͷଥ౰ੑ

    ݕূͷΈ ೝূػؔ .hatena.ne.jp ϒϩά anydomain Ϣʔβʔ

49. ΫϦοΫδϟοΩϯάରࡦ w9'SBNF0QUJPOT
    %&/: wϑϨʔϜ༻ͷཁૉ͸໌ࣔతʹڐՄ wͦͷ৔߹ɺ*/165ཁૉͷมߋΛ؂ࢹ

50. ΫϦοΫδϟοΩϯάରࡦ

51. ·ͱΊ w͸ͯͳμΠΞϦʔ wIBUFOBOFKQ
    υϝΠϯͳͷͰపఈ͠ ͨϗϫΠτϦετରࡦ w͸ͯͳϒϩά wಠࣗυϝΠϯ
    
    ΫϩευϝΠϯ௨৴

52. ਓࡐืू wגࣜձࣾ͸ͯͳͰ͸ΤϯδχΞͦͷଞ શ৬छΛืू͍ͯ͠·͢ wҰॹʹϒϩάΛ࡞Γ·͠ΐ͏ʂ www.hatena.ne.jp/company/staff

53. αϚʔΠϯλʔϯ w
    
    
    िؒ w8FCαʔϏε։ൃίʔε
    ໊ఔ౓ wେن໛γεςϜݚڀίʔε
    ໊ఔ౓ wۙʑืू։࢝͠·͢ʂʂ developer.hatenastaff.com