[B! security] todeskingã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

todesking id:todesking

securityã«é–¢ã™ã‚‹todeskingã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (19)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

ã¯ã¦ãªãƒ€ã‚¤ã‚¢ãƒªãƒ¼ã®ãƒ˜ãƒ«ãƒ— - ã¯ã¦ãªãƒ€ã‚¤ã‚¢ãƒªãƒ¼XSSå¯¾ç–
ã¯ã¦ãªãƒ–ãƒã‚°ã®ãƒ˜ãƒ«ãƒ—ã§ã™
todesking 2007/03/29
ã“ã‚Œã‚‰ã®å¯¾ç–ã‚’ã—ã¦ãªã‹ã£ãŸã‚‰ã©ã†ãƒã‚¯ã‚Œã‚‹ã®ã‹ï¼Ÿã‚’è€ƒãˆã¦ã¿ã‚‹ã®ã‚‚ä¸€èˆˆã€‚

security
ãƒªãƒ³ã‚¯
http://cgi36.plala.or.jp/tera5/v/security/webap_sec2/chap01.html
todesking 2007/02/08
ã¾ã¨ã¾ã£ã¦ãŠã‚‹

security

ã¾ã¨ã‚
ãƒªãƒ³ã‚¯
ãã‚Œ Unicode ã§
UTF-7 ã‚’ä½¿ã£ã¦ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’è¨˜è¿° +ADw-SCRIPT+AD4-alert(\'XSS\');+ADw-+AC8-SCRIPT+AD4- IE ã¯ã€æ–‡å—ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãŒä¸æ˜Žã§ UTF-7 ã£ã½ã„æ–‡å—åˆ—ãŒã‚ã‚Œã°ã€è‡ªå‹•åˆ¤åˆ¥ã§ UTF-7 ã¨ãªã‚‹ã€‚
todesking 2006/12/13
unicodeã§æ–‡å—åˆ—ãƒã‚§ãƒƒã‚¯ã™ã‚ŠæŠœã‘ã¦ã‚‚ã«ã‚‡ã‚‚ã«ã‚‡

hack

security
ãƒªãƒ³ã‚¯
AAã§å›³è§£!ãšã°ã‚Šä¸€ç›®ã§å…¨ãè§£ã‚‰ãªã„ã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ã‚¿ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
æœ€çµ‚æ›´æ–°æ—¥: Wednesday, 29-Nov-2006 02:46:05 JST Webãƒã‚° CSRF (Cross Site Request Forgeries) DoS (ã‚µãƒ¼ãƒ“ã‚¹æ‹’å¦) ã‚µãƒ‹ã‚¿ã‚¤ã‚º ã‚ªãƒ¬ã‚ªãƒ¬è¨¼æ˜Žæ›¸ Cookie Monster SQL ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ HTTP Response Splitting (ãƒ¬ã‚¹ãƒãƒ³ã‚¹åˆ†å‰²) HTTPã®ãƒšãƒ¼ã‚¸ã®ãƒ•ãƒ¬ãƒ¼ãƒ ã«HTTPSã®ãƒšãƒ¼ã‚¸ã‚’è¡¨ç¤º ãƒãƒƒãƒ•ã‚¡ã‚ªãƒ¼ãƒãƒ¼ãƒ•ãƒãƒ¼ ãƒ•ã‚£ãƒƒã‚·ãƒ³ã‚° Forceful Browsing (å¼·åˆ¶ãƒ–ãƒ©ã‚¦ã‚º) ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚° ã‚¼ãƒãƒ‡ã‚¤(0day)æ”»æ’ƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒˆãƒ©ãƒãƒ¼ã‚µãƒ« ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ æ¨©é™æ˜‡æ ¼ OS ã‚³ãƒžãƒ³ãƒ‰ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ ã‚ªãƒ¼ãƒ—ãƒ³ãƒ—ãƒã‚ã‚· Webãƒã‚° ï¼¼ã€€ã€€__ã€€ã€€ï¼ ï¼¿ã€€ï¼ˆï½ï¼‰ã€€ï¼¿ãƒ“ãƒ¼ã‚³ãƒ¼ãƒ³ |ãƒŸ| ï¼ ã€€ï½€Â´ã€€ ï¼¼ ('A`
todesking 2006/11/27
ã“ã‚Œã¯ã‚ã‹ã‚Šã‚„ã™ã„ï¼

security
ãƒªãƒ³ã‚¯
Wizard Bible
Wizard Bibleã¯2018å¹´4æœˆ22æ—¥24æ™‚ã«é–‰éŽ–ã—ã¾ã—ãŸã€‚ æŠ•ç¨¿è€…ã‚„èªè€…ã®çš†æ§˜ã€ã“ã‚Œã¾ã§ã®é–“æœ¬å½“ã«ã‚ã‚ŠãŒã¨ã†ã”ã–ã„ã¾ã—ãŸã€‚ ã€2021å¹´6æœˆ27æ—¥æ›´æ–°ã€‘ Wizard Bibleã®è¨ç«‹ã‹ã‚‰é–‰éŽ–ã¾ã§ã«è‡³ã‚‹éŽç¨‹ã‚’è©³ç´°ã«è¿°ã¹ãŸæœ¬ãŒå‡ºã‚‹ã“ã¨ã«ãªã‚Šã¾ã—ãŸã€‚ ã€ŽWizard Bibleäº‹ä»¶ã‹ã‚‰è€ƒãˆã‚‹ã‚µã‚¤ãƒãƒ¼ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã€åŸ·ç†ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆ èˆˆå‘³ã®ã‚ã‚‹æ–¹ã¯æ˜¯éžèªã‚“ã§ã¿ã¦ãã ã•ã„ã€‚ Security Akademeiaã«æˆ»ã‚‹
todesking 2006/11/08
ã¾ã•ã«ã‚¢ãƒ³ã‚°ãƒ©ã‚¹ã‚¿ã‚¤ãƒ«ã€‚

security

ã‚ˆã¿ã‚‚ã®
ãƒªãƒ³ã‚¯
ywcafe.net
ywcafe.net This Page Is Under Construction - Coming Soon! Why am I seeing this 'Under Construction' page? Trademark Free Review our Privacy Policy Service Agreement Legal Notice
todesking 2006/11/07
ã“ã‚Œã¯è¦šãˆã¦ãŠã“ã†ã€‚

network

security
ãƒªãƒ³ã‚¯
[LAC]ãƒ©ãƒƒã‚¯ã®ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ç©¶æ‰€ãŒæä¾›ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹å®‰å…¨ã‚¬ã‚¤ãƒ‰
æƒ…å ±ã‚’å®ˆã‚Šã€æœªæ¥ã‚’å‰µé€ ã™ã‚‹ãƒ‘ã‚¤ã‚ªãƒ‹ã‚¢ã¨ã—ã¦ã®ä¿¡é ¼ã¨è‡ªä¿¡ã§ã€ã‚‚ã£ã¨å…ˆã¸ æœ€é«˜å³°ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚µãƒ¼ãƒ“ã‚¹ã¨ã€ITãƒˆãƒ¼ã‚¿ãƒ«ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã‚’æä¾›ã—ã¾ã™ã€‚ ã‚‚ã£ã¨çŸ¥ã‚‹
todesking 2006/10/21
DBã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¯¾ç–ã¾ã¨ã‚

db

security
ãƒªãƒ³ã‚¯
ç§‹å…ƒ@ã‚µã‚¤ãƒœã‚¦ã‚ºãƒ©ãƒœãƒ»ãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ãƒ»ãƒ–ãƒã‚°: Google Code Search ã®ã‚¢ãƒ¬ãªæ´»ç”¨æ³•ãŒç¶šã€…ã¨
é€±3æ—¥å‹¤å‹™ã€‚æ®‹ã‚Š4æ—¥ã¯è‹±èªžãƒ–ãƒã‚°ã‚¢ã‚¸ã‚¢ã‚¸ãƒ³ã‚„The Japan Timesç‰ã§æ´»å‹•ã—ã¦ãŠã‚Šã¾ã™ã€‚é€£çµ¡å…ˆã¯ã€Œå§“@gmail.comã€ã§ã™ã€‚ Googleã®ä¸€èˆ¬æ¤œç´¢ã§ã‚‚ã€ç¤¾å¤–ç§˜æƒ…å ±ã®å…¥ã£ãŸExcelã‚’æ¤œç´¢ã—ãŸã‚‰ã„ã‚ã„ã‚å‡ºã¦ããŸ(å‚è€ƒ ã€ å…¬é–‹Webã‚µãƒ¼ãƒã‹ã‚‰æ©Ÿå¯†æƒ…å ±ã‚’å¼•ãå‡ºã™ã€ŒGoogleãƒãƒƒã‚ãƒ³ã‚°ã€ã®è„…å¨ã¨ã€ãã®å¯¾ç–)ã¨ã„ã£ãŸè©±ã‚‚ã‚ã‚‹ã—ã€ã¤ã„æœ€è¿‘ã¯Google Calendarã§æ˜Žã‚‰ã‹ã«å…¬é–‹æƒ…å ±ã˜ã‚ƒãªã„ã„ã‚ã‚“ãªäººã®äºˆå®šãŒæ¤œç´¢ã§ãã‚‹ã¨ã„ã†æŒ‡æ‘˜ã‚‚è©±é¡Œã«ãªã£ãŸã€‚ ã¨ã„ã†ã“ã¨ã§ã€æ˜¨æ—¥ãƒªãƒªãƒ¼ã‚¹ã•ã‚ŒãŸGoogleã‚³ãƒ¼ãƒ‰æ¤œç´¢ã§ã‚‚ã€ã•ã£ããè‰²ã€…ãªã€Œãƒ¤ãƒã‚¤ã€æŒ‡æ‘˜ãŒã€‚ kottke.org ã§ã¯ä»¥ä¸‹ã®ã‚ˆã†ãªæ¤œç´¢ä¾‹ãŒ åœ§ç¸®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®æš—å·ç”Ÿæˆéƒ¨åˆ†ã®ã‚½ãƒ¼ã‚¹ ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’åŸ‹ã‚è¾¼ã‚“ã ãƒ–ãƒã‚°ã‚·ã‚¹ãƒ†ãƒ ã®ã‚½ãƒ¼ã‚¹ ãƒãƒƒãƒ•ã‚¡ãƒ¼ã‚ªãƒ¼ãƒãƒ¼ãƒ•ãƒãƒ¼è„†å¼±æ€§ãŒã‚ã‚Šãã†ãªã‚½ãƒ¼ã‚¹ å…¬é–‹ã•ã‚Œã‚‹ã¹ãã§ãªã„ã€ã¨æ›¸ã„ã¦ã‚ã‚‹ã‚½ãƒ¼ã‚¹ æ„šç—´ã£ãŸã‚Šã€ç½µã£
todesking 2006/10/06
ã‚°ã‚°ãƒ«ã‚³ãƒ¼ãƒ‰ã‚µãƒ¼ãƒã§ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ›ãƒ¼ãƒ«æŽ¢ã—ã¨ã‹ã€‚ã¿ã‚“ãªå‡„ã„ã‚ˆãªã‚ã€‚æ ¼ã®é•ã„ã¨è¨€ã†ã‹ã€‚

hack

security
ãƒªãƒ³ã‚¯
ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¿ã‚¤ãƒ ã«æ›´æ–°ã™ã‚‹ã®ã«ã¯ç†ç”±ãŒã‚ã‚‹ã®ã ã‚ˆ - æ“æ¥½å¶ã‚ã¬ç´éª¨å ‚åºåœ’
ã€Œ304 Not Modified ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã®ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¿ã‚¤ãƒ ã¨ã‚µã‚¤ãƒˆã®æ›´æ–°æ™‚é–“ã€ã‚’èªã‚“ã§ã€‚ ã€Œ21:00ã€œ24:00 ã‚ãŸã‚ŠãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã®ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¿ã‚¤ãƒ ã€ã¨ã„ã†äº‹ãªã®ã ãã†ã ã€‚ã¾ãªã‚æ°ã¯ãã®ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¿ã‚¤ãƒ ã‚’é¿ã‘ã¦æ›´æ–°ã‚’ã•ã‚Œã¦ã„ã‚‹ã‚ˆã†ã ãŒã€ç§ã®æ›´æ–°ã¯ãã®æ™‚é–“å¸¯ã«ãã£ã¡ã‚Šå…¥ã£ã¦ã„ã‚‹ãªã€‚ ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã£ã¦çµå±€ã¯èªã¿é£›ã°ã—ã®æ–‡åŒ–ã«ãªã£ã¦ã—ã¾ã„ãŒã¡ãªã‚“ã§ã™ã€‚ä»–ã®ãƒ–ãƒã‚°ãŒæ›´æ–°ã•ã‚Œã‚‹ä¸ã§è‡ªåˆ†ã‚‚æ›´æ–°ã—ãŸã‚‰ã€ä¾‹ãˆã°10å€‹ã®ä¸ã®1å€‹ã«ãªã£ã¦ã—ã¾ã†ã‚“ã§ã™ã€‚ã—ã‹ã—ã€ä»–ã®ã‚µã‚¤ãƒˆãŒæ›´æ–°ã•ã‚Œãªã„æ™‚é–“ã®ä¸ãªã‚‰ã€2å€‹ã®ä¸ã®1å€‹ã«ãªã‚‹ã¨æ€ã†ã‚“ã§ã™ã€‚ãã†ãªã£ãŸã‚‰ã€å¾Œè€…ã®æ–¹ãŒè‡ªåˆ†ã®è¨˜äº‹ã‚’ã˜ã£ãã‚Šèªã‚“ã§ã‚‚ã‚‰ãˆã‚‹ã¨æ€ã„ã¾ã›ã‚“ã‹ï¼Ÿ ç¢ºã‹ã«ãã†ã ã€‚ç§ã‚‚ãã‚Œã¯åˆ†ã‹ã£ã¦ã„ã‚‹ã€‚ã ã‹ã‚‰ã€ã‚ˆã‚Šå¤šãã®äººã«èªã‚“ã§è²°ã„ãŸã„ã¨æ€ã£ã¦ã„ãŸã‚‰ã€ã‚´ãƒ¼ãƒ«ãƒ‡ãƒ³ã‚¿ã‚¤ãƒ ã«æ›´æ–°ã™ã‚‹ã®ã¯é¿ã‘ãŸæ–¹ãŒã„ã„ã ã‚ã†ã€‚ã ãŒã€æ°ã‚‚è¨€ã‚ã‚Œã¦ã„ã‚‹ã‚ˆã†ã«ä¼šç¤¾å‹¤ã‚ã‚’ã—ã¦ã„ã‚Œ
todesking 2006/08/30
hack

security
ãƒªãƒ³ã‚¯
ã‚»ãƒŸãƒŠãƒ¼ç”³ã—è¾¼ã¿ãƒ•ã‚©ãƒ¼ãƒ ãŒã‚¹ãƒ‘ãƒ ã®è¸ã¿å°ï¼Ÿ
ã‚»ãƒŸãƒŠãƒ¼ç”³ã—è¾¼ã¿ãƒ•ã‚©ãƒ¼ãƒ ãŒã‚¹ãƒ‘ãƒ ã®è¸ã¿å°ï¼Ÿï¼šæ˜Ÿé‡Žå›ã®Webã‚¢ãƒ—ãƒªã»ã®ã¼ã®æ”¹é€ è¨ˆç”»ï¼ˆ1ï¼‰ï¼ˆ1/4 ãƒšãƒ¼ã‚¸ï¼‰ æœ7æ™‚ã€‚ã„ã¤ã‚‚ã‚ˆã‚Š30åˆ†æ—©ãèµ·ãã‚‹ã€‚æ˜Ÿé‡Žå›ã€27æ³ã®ç§‹ã€‚ ä»Šæ—¥ã¯ã€æ˜Ÿé‡Žå›ãŒã‹ãã¦å¸Œæœ›ã—ã¦ã„ãŸWebæ‹…å½“ã¸é…å±žæ›¿ãˆã«ãªã‚‹æ—¥ã€‚æ˜Ÿé‡Žå›ã®ä¼šç¤¾ã§ã¯å‰µç«‹è¨˜å¿µæ—¥ã®ä»Šæ—¥ã‚’æ©Ÿã«ã€Webã«åŠ›ã‚’å…¥ã‚Œã‚‹ãŸã‚ã®æ–°ã—ã„ãƒãƒ¼ãƒ ãŒç™ºè¶³ã™ã‚‹ã®ã ã€‚ è¶³å–ã‚Šã‚‚è»½ãã€æ˜Ÿé‡Žå›ã¯ä¼šç¤¾ã¸å‡ºç¤¾ã™ã‚‹ã€‚ã¾ã ã€ã€ŒWebæ‹…å½“ã«ãªã‚‹ã€ã¨ã„ã†ã“ã¨ä»¥å¤–ã€å…·ä½“çš„ãªã“ã¨ã¯ä¸€åˆ‡çŸ¥ã‚‰ã•ã‚Œã¦ã„ãªã„ãŒã€ã¨ã¦ã‚‚ã‚ãã‚ãã—ã¦ã„ã‚‹ã€‚ ã“ã®ä¼šç¤¾ã§ã¯ã€äººäº‹ç™ºä»¤ãŒã‚ã‚‹ã¨ãã¯1äººãšã¤ç¤¾é•·å®¤ã«å‘¼ã°ã‚Œã‚‹ã€‚æ˜Ÿé‡Žå›ãŒè‡ªå¸ã§ãã‚ãã‚ã—ã¦ã„ã‚‹ã¨ã€ä¸€ç•ªã«å£°ãŒæŽ›ã‹ã£ãŸã€‚ ç¤¾é•·ã€€ã€Œæ˜Ÿé‡Žå›ã€å…¥ã‚Šãªã•ã„ã€ æ˜Ÿé‡Žå›ã¯2å¹´ã»ã©å‰ã«ã“ã®ä¼šç¤¾ã¸è»¢è·ã—ã¦ããŸã€‚å‰è·ã§ã¯ã€ç°¡å˜ãªWebã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ä½œæˆã‚„Flashä½œæˆãªã©ã®ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãŒä¸å¿ƒã®Webãƒ‡ã‚¶ã‚¤ãƒ³ã®ä»•äº‹ã‚’ã—ã¦ã„ãŸã€‚Webãƒ‡ã‚¶ã‚¤ãƒ³ã®ä»•äº‹ã‚’å¸Œæœ›
todesking 2006/08/26
webappã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£é–¢ä¿‚ã€‚

security

SQL
ãƒªãƒ³ã‚¯
é«˜æœ¨æµ©å…‰ï¼ è‡ªå®…ã®æ—¥è¨˜ - ä¸€æ—¥ä¸å¹¼å…ãŸã¡ã®æ˜ åƒã‚’ä¸ç‰¹å®šå¤šæ•°ã«å…¬è¡†é€ä¿¡ã—ã¦ã„ã‚‹ä¿è‚²æ‰€, è¿½è¨˜ï¼ˆ19æ—¥ï¼‰
â– ä¸€æ—¥ä¸å¹¼å…ãŸã¡ã®æ˜ åƒã‚’ä¸ç‰¹å®šå¤šæ•°ã«å…¬è¡†é€ä¿¡ã—ã¦ã„ã‚‹ä¿è‚²æ‰€ åã©ã‚‚å®ˆã‚‹IT â€”â€”å¦æ ¡ã§é§…ã§è¡—ã§, æœæ—¥ã‚ãã‚ããƒãƒƒãƒˆ, 2005å¹´9æœˆ28æ—¥ ãƒãƒƒãƒˆä¸ç¶™ å¹¼ç¨šåœ’ã§ã®ç¬‘é¡”æº€é–‹ï¼è·å ´ã§å®¶ã§è¦ªå®‰å¿ƒ ï¼ˆç•¥ï¼‰ã“ã†ã—ãŸã‚·ã‚¹ãƒ†ãƒ ã§ã¯ã€ä¿è·è€…ã‚‰ã«ã¯å°‚ç”¨ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’é…å¸ƒã—ã¦æ˜ åƒãŒè¦‹ã‚‰ã‚Œã‚‹ã‚ˆã†ã«ã™ã‚‹ãŒã€æ¨©é™ã®ãªã„éƒ¨å¤–è€…ã«ã¯æ˜ åƒã‚’è¦‹ã›ãªã„ã®ãŒæ™®é€šã ã€‚ã—ã‹ã—ã€åŒä¿è‚²æ‰€ã¯ã€Œä¿è‚²æ‰€ã«èˆˆå‘³ã‚’æŒã£ã¦ã»ã—ã„ã€ã¨ã€ä¸€èˆ¬ã«ã‚‚æ˜ åƒã‚’å…¬é–‹ã—ã¦ã„ã‚‹ã€‚ã‚‚ã£ã¨ã‚‚ã€åã©ã‚‚ã®å®‰å…¨ã‚’å®ˆã‚‹ãŸã‚ã€ã‚«ãƒ¡ãƒ©ã®ã‚ºãƒ¼ãƒ ã‚¢ãƒƒãƒ—ã¯ã§ããªã„ã‚ˆã†ã«ã—ã¦ãŠã‚Šã€ä¿è·è€…ã§ã‚‚ãªã„é™ã‚Šã€æ˜ åƒã§åã©ã‚‚ã®è¦‹åˆ†ã‘ã¯ã§ããªã„ã€‚ ã¨ã„ã†è¨˜äº‹ãŒã‚ã£ãŸã€‚ã€Œè¥¿è„‡ä¿è‚²æ‰€ã€ã§æ¤œç´¢ã—ã¦ã¿ã‚‹ã¨è¦‹ã¤ã‹ã£ãŸã€‚ ç¤¾ä¼šç¦ç¥‰æ³•äºº è¥¿è„‡ä¿è‚²æ‰€ ãƒ©ã‚¤ãƒ–æ˜ åƒ ãŸã—ã‹ã«ã€èª°ã§ã‚‚ãƒ©ã‚¤ãƒ–æ˜ åƒã‚’è¦‹ã‚‰ã‚Œã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã‚‹ã€‚ä»Šè¦‹ãŸã¨ã“ã‚ã€ãƒ—ãƒ¼ãƒ«ã‹ã‚‰å‡ºãŸå¥³å…ãŸã¡ãŒå…¨è£¸ã«ãªã£ã¦ç€æ›¿ãˆã¦ã„ã‚‹æ§˜åãŒæ˜ ã£ã¦ã„ãŸã€‚ ã€Œæ˜ åƒã§åã©ã‚‚ã®
todesking 2006/08/19
â€œãƒ—ãƒ¼ãƒ«ã‹ã‚‰å‡ºãŸå¥³å…ãŸã¡ãŒå…¨è£¸ã«ãªã£ã¦ç€æ›¿ãˆã¦ã„ã‚‹æ§˜åãŒæ˜ ã£ã¦ã„ãŸâ€ï¼ˆç¬‘ï¼‰

ã“ã©ã‚‚

security
ãƒªãƒ³ã‚¯
Route 477(2006-08-02)
â– [ruby] XSS - è¡¨ç¤ºç³»ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«å˜åœ¨ã™ã‚‹ç›²ç‚¹ : Rubyã®å ´åˆ Ruby+ERBã ã¨ <a href="http://example.com/test.cgi?id=<%= id %>">hoge</a> ã¿ãŸã„ãªæ›¸ãæ–¹ã¯å±é™ºã§ã€ <a href="http://example.com/test.cgi?id=<%=u id %>">hoge</a> ã®ã‚ˆã†ã«ã—ã‚ˆã†ã£ã¦ã“ã¨ã§ã„ã„ã®ã‹ãªï¼ Ruby+ERBã§CGIã‚’æ›¸ãã¨ãã¯ã€ åŸºæœ¬çš„ã«ã€<%= str %>ã§ã¯ãªã <%=h str %> ã‚’ä½¿ã†ã€‚ a hrefã®URLã®ä¸ã«åŸ‹ã‚è¾¼ã‚€ã¨ãã¯ <%=u str%>ã‚’ä½¿ã†ã€‚ ã©ã†ã—ã¦ã‚‚strã®ä¸ã§HTMLã‚¿ã‚°ã‚’ä½¿ã„ãŸã„ã¨ãã ã‘ã€<%= str %> (ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—ãªã—)ã‚’ä½¿ã†ã€‚ ã¨ã„ã†æ„Ÿã˜ã§ã‚„ã£ã¦ã¾ã™ã€‚ ãƒˆãƒ©ãƒƒã‚¯ãƒãƒƒã‚¯ã•ã‚Œã¦ã„ã‚‹è¨˜äº‹ã«ã‚‚ã‚ã‚‹ã‘ã©ã€ã„ã¡ã„ã¡ ã€Œç„¡å®³åŒ–ã™ã‚‹å¿…è¦ãŒã‚ã‚‹
todesking 2006/08/03
<%=ã¯ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—ã—ãªã„ã®ã§æ³¨æ„ã€‚<%=h ã€<%=uã‚’åˆ©ç”¨ã—ã‚ã¨ã„ã†è©±ã€‚

security

rails
ãƒªãƒ³ã‚¯
XSS - è¡¨ç¤ºç³»ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«å˜åœ¨ã™ã‚‹ç›²ç‚¹ :: ã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼
ã“ã‚“ã«ã¡ã¯ã“ã‚“ã«ã¡ã¯ï¼ï¼ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã®æ™‚é–“ã§ã™ï¼ XSSã¨ã„ã†ã¨â€¦ï¼ ã¾ã£ã•ãã«æ€ã„ã¤ãã®ãŒã€å…¥åŠ›ãƒ‡ãƒ¼ã‚¿é€ä¿¡ â†’ ç¢ºèªè¡¨ç¤ºã®éƒ¨åˆ†ã§ã®ç„¡å®³åŒ–æ¼ã‚Œã§ã™ã‚ˆãï¼ ãŸã¨ãˆã°ã“ã‚“ãªæ„Ÿã˜ã®ãƒ•ã‚©ãƒ¼ãƒ ã‹ã‚‰å—ã‘å–ã£ãŸãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã‚’ã€ ç¢ºèªã¨ã—ã¦è¡¨ç¤ºã™ã‚‹ãƒšãƒ¼ã‚¸ã¨ã‹ï¼ (å…¥åŠ›) <form action="register.cgi" method="post"> ã‚¿ã‚¤ãƒˆãƒ«ï¼š<input type="text" name="title"> â† ã€Œã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼ã€ã‚’å…¥åŠ› æœ¬æ–‡ï¼š<input type="text" name="body"> â† ã€Œã“ã‚“ã«ã¡ã¯ã“ã‚“ã«ã¡ã¯ï¼ï¼<script>alert(1)</script>ã€ã‚’å…¥åŠ› </form> (ç¢ºèª) <p>ã“ã®å†…å®¹ã§ç™»éŒ²ã—ã¦ã„ã„ï¼Ÿ</p> <p> ã‚¿ã‚¤ãƒˆãƒ«ï¼š ã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼<br> æœ¬æ–‡ï¼š ã“ã‚“ã«ã¡ã¯ã“ã‚“ã«ã¡ã¯ï¼ï¼<script>alert
todesking 2006/08/02
ã¯ã¾ã¡ã¡ã‚ƒã‚“å…ˆç”Ÿã˜ãã˜ãã®XSSå…¥é–€è¬›åº§ã€‚

hack

security

tips

tutorial
ãƒªãƒ³ã‚¯
Ajaxã®ç‰¹å¾´ã«æ½œã‚€ãƒªã‚¹ã‚¯ã‚’ã‚µãƒ³ãƒ—ãƒ«ã‚¢ãƒ—ãƒªã§ç¢ºèªã—ã‚ˆã† â€• ï¼ IT
ç¬¬1å›ž AjaxæŠ€è¡“ã®ç›®ã«è¦‹ãˆãªã„é€šä¿¡å†…å®¹ã‚’ã®ãžã„ã¦ã¿ã‚ˆã†ã§ã¯ã€Ajaxã®æŠ€è¡“èƒŒæ™¯ã‚’è§£èª¬ã—ã¾ã—ãŸã€‚ä»Šå›žã¯ã€ã€Œã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã€ã¨ã„ã†è¦³ç‚¹ã§Ajaxã‚’è¦‹ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚ 2å›žç›®ã®ä»Šå›žã¯ã€éžå¸¸ã«å¹…åºƒãã€å¥¥ãŒæ·±ã„ã€ŒAjaxã®ç‰¹å¾´ã«æ½œã‚€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒªã‚¹ã‚¯ã€ã‚’ã€å®Ÿéš›ã®ã‚µãƒ³ãƒ—ãƒ«ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®é€šä¿¡ã‚„ã€ãƒžã‚¦ã‚¹ã®å‹•ãã‚’å‹•ç”»ã§è¦‹ãªãŒã‚‰ã€ç†è§£ã—ã¾ã—ã‚‡ã†ã€‚ã‚¹ãƒ‘ã‚¤ã‚¦ã‚§ã‚¢ã‚„ã‚ãƒ¼ãƒã‚¬ãƒ¼ã¸ã®åŸºæœ¬çš„ãªå¯¾ç–ã‚‚è§£èª¬ã—ã¾ã™ã€‚ é€šå¸¸ã®Webã‚¢ãƒ—ãƒªã¨ç•°ãªã‚‹Ajaxã®ç‰¹å¾´ã«æ½œã‚€ãƒªã‚¹ã‚¯ ã€ŒAjaxã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã€ã¨ã„ããªã‚Šã„ã£ã¦ã‚‚ã€ã€ŽAjaxã¨ã¯ã„ãˆã€å˜ãªã‚‹Webãƒ–ãƒ©ã‚¦ã‚¶ã§å‹•ä½œã™ã‚‹ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãªã®ã ã‹ã‚‰ã€ã“ã‚Œã¾ã§ã®Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨ã‚ã¾ã‚Šå¤‰ã‚ã‚‰ãªã„ã®ã§ã¯ï¼Ÿã€ã¨äºˆæƒ³ã•ã‚Œã‚‹æ–¹ã‚‚å¤šã„ã§ã—ã‚‡ã†ã€‚ç¢ºã‹ã«ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¨ã—ã¦æ³¨æ„ã™ã¹ãã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ãƒã‚¤ãƒ³ãƒˆã¯ã€Ajaxã«ãŠã„ã¦ã‚‚å…±é€šã—ã¦å½“ã¦ã¯ã¾ã‚‹ã¨è€ƒãˆã¦å•é¡Œã‚
todesking 2006/07/19
ajax

security
ãƒªãƒ³ã‚¯
oresokuvip.com | Agen Judi Raja Slot Online Terbaik Via Dana
Penasaran dengan game terbaru yang sedang ramai diperbincangkan? Zeus Slot Gacor Maxwin adalah jawabannya! Game mengasyikkan ini telah menjadi favorit para pem ain slot online. Dengan grafik yang memukau dan fitur-fiturâ€¦
todesking 2006/07/08
security

ã¡ã‚‡ã£ã¨ã„ã„è©±
ãƒªãƒ³ã‚¯
FrontPage - HackingWiki
ãƒãƒƒã‚ãƒ³ã‚° Wiki â€ ãƒãƒƒã‚ãƒ³ã‚°ã®é–¢é€£ã®ã‚ã‚Œã“ã‚Œã«ã¤ã„ã¦ã¾ã¨ã‚ã¦ã¿ã‚ˆã†ã¨æ€ã£ã¦ã„ã‚‹wikiã§ã™ã€‚æ‚ªã„ã“ã¨ã«ã¯ä½¿ã‚ãªã„ã§ãã ã•ã„ï¼ˆãŸã¶ã‚“ä½¿ãˆãªã„ã¨æ€ã„ã¾ã™ãŒï¼‰ã€‚ å†…å®¹ã¯å°‘ã—ãšã¤å……å®Ÿã•ã›ã¦ã„ããŸã„ã¨æ€ã£ã¦ã„ã¾ã™ãŒã€wikiã®ä½¿ã„æ–¹ã¯ã‚ã¾ã‚Šã‚ã‹ã£ã¦ã„ãªã„ã®ã§äº‹æ•…ã§æ¶ˆãˆã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã€‚ ç¡¬ã„ã®ã§æ–‡ä½“ã‚’ã€Œã§ã™ã¾ã™ã€ã«ã—ã‚ˆã†ã¨æ€ã„ã¾ã™ã€‚ èª°ã‚‚ç·¨é›†ã—ãªã„ã®ã§ç·¨é›†ã§ããªã„ã‚ˆã†ã«æˆ»ã—ã¾ã—ãŸã€‚ç·¨é›†ã—ãŸã„äººã¯yamamoto at bogus.jpå®›ã«ãƒ¡ãƒ¼ãƒ«ã™ã‚‹ã‹ã€blogã«ã§ã‚‚æ›¸ãè¾¼ã‚€ã‹ã€é›»è©±ã§ã‚‚ã—ã¦ãã ã•ã„ã€‚ã€‚ â†‘
todesking 2006/05/23
security
ãƒªãƒ³ã‚¯
Peak Obsession
Please Sign In No account? Create new user.
todesking 2006/04/27
rails

security
ãƒªãƒ³ã‚¯
OBB vs AABB - Radium Software Development
Domain for sale radiumsoftware.com Free transaction support Secure payments Spaceship reliability Listed with spaceship.com
todesking 2006/04/04
programming

ttk
ãƒªãƒ³ã‚¯
ï¼ IT Security&Trust
ã€Œä¾µå…¥å‰æã€ã ã‘ã§ã¯ã‚„ã‚‰ã‚Œã‚‹ç†ç”±â€•â€•çœŸå› ç©¶æ˜Žã€å„ªå…ˆé †ä½ä»˜ã‘ã¯å¤§ä¸ˆå¤«ï¼Ÿã€€ã‚¢ã‚¿ãƒƒã‚¯ã‚µãƒ¼ãƒ•ã‚§ã‚¹ç®¡ç†ãŒç„¡é§„ã«ãªã‚‹ãƒã‚¤ãƒ³ãƒˆ 2025å¹´8æœˆ27æ—¥ã€ITmedia Security Week 2025 å¤ã§ã€äººæ°—ã®ãƒãƒƒãƒ‰ã‚ãƒ£ã‚¹ãƒˆã€Œã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ã‚¢ãƒ¬ã€ã‚’ä¸»å®°ã™ã‚‹3äººã®ãƒªã‚µãƒ¼ãƒãƒ£ãƒ¼ãŒã€å†ã³ã‚¢ã‚¿ãƒƒã‚¯ã‚µãƒ¼ãƒ•ã‚§ã‚¹ç®¡ç†ã‚’é¡Œæã«ãƒ‘ãƒãƒ«ãƒ‡ã‚£ã‚¹ã‚«ãƒƒã‚·ãƒ§ãƒ³ã‚’è¡Œã£ãŸã€‚ï¼ˆ2025å¹´11æœˆ18æ—¥ï¼‰
todesking 2006/03/14
web-prog

security

ã‚ˆã¿ã‚‚ã®

network
ãƒªãƒ³ã‚¯
1