[B! security][css] dazedã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

dazed id:dazed

securityã¨cssã«é–¢ã™ã‚‹dazedã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (11)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

HTMLã¨CSSã ã‘ã§Webãƒ–ãƒ©ã‚¦ã‚¶ã«ã‚µã‚¤ãƒ‰ãƒãƒ£ãƒãƒ«æ”»æ’ƒã‚’ä»•æŽ›ã‘ã‚‹æ‰‹æ³•
dazed 2021/03/12
browser

html

css

security

mobile
ãƒªãƒ³ã‚¯
ã€ãƒ¬ãƒ“ãƒ¥ãƒ¼ã€‘IE6ã€IE7ã€IE8ã€IE9ã‚’ã‚¯ãƒ©ãƒƒã‚·ãƒ¥ã•ã›ã‚‹æ–¹æ³• | ã‚¨ãƒ³ã‚¿ãƒ¼ãƒ—ãƒ©ã‚¤ã‚º | ãƒžã‚¤ã‚³ãƒŸã‚¸ãƒ£ãƒ¼ãƒŠãƒ«
Taranfx.com - Your Gateway to Techno logy, Redefined. ãƒ–ãƒ©ã‚¦ã‚¶ã¯ç‰¹å®šã®HTMLã‚„CSSã€JavaScriptã®ã‚³ãƒ¼ãƒ‰ã‚’èªã¿è¾¼ã‚€ã¨ã‚¯ãƒ©ãƒƒã‚·ãƒ¥ã—ãŸã‚Šãƒ•ãƒªãƒ¼ã‚ºã™ã‚‹ã“ã¨ãŒçŸ¥ã‚‰ã‚Œã¦ã„ã‚‹ã€‚ã—ã‹ã‚‚ãã‚Œã¯è¤‡é›‘æ€ªå¥‡ãªã‚³ãƒ¼ãƒ‰ã§ã¯ãªãã€ã¨ã¦ã‚‚çŸã„ã‚³ãƒ¼ãƒ‰ã§ã‚‚èµ·ã“ã‚‹ã“ã¨ãŒã‚ã‹ã£ã¦ã„ã‚‹ã€‚ç‰¹ã«IEã‚’ã‚¯ãƒ©ãƒƒã‚·ãƒ¥ã•ã›ãŸã‚Šãƒ•ãƒªãƒ¼ã‚ºã•ã›ã‚‹ãŸã‚ã®ã‚³ãƒ¼ãƒ‰ã®å¤šããŒã‚¹ãƒ‹ãƒšãƒƒãƒˆã¨ã—ã¦å…¬é–‹ã•ã‚Œã¦ã„ã‚‹ã€‚ ãã†ã—ãŸæƒ…å ±ã®ã²ã¨ã¤ã«Taranfxã§å…¬é–‹ã•ã‚Œã¦ã„ã‚‹How to Crash Internet Explorer IE6, IE7, IE8, IE9ãŒã‚ã‚‹ã€‚IE6ã€IE7ã€IE8ã€IE9ã‚’ã‚¯ãƒ©ãƒƒã‚·ãƒ¥ã•ã›ãŸã‚Šãƒ•ãƒªãƒ¼ã‚ºã•ã›ã‚‹ã“ã¨ãŒã§ãã‚‹ã‚³ãƒ¼ãƒ‰ã‚’ç´¹ä»‹ã™ã‚‹ã¨ã„ã†å†…å®¹ã«ãªã£ã¦ã„ã‚‹ã€‚è¨˜äº‹ã®ç›®çš„ã¯IEãŒã‚¯ãƒ©ãƒƒã‚·ãƒ¥ã™ã‚‹ã‚³ãƒ¼ãƒ‰ã‚’ä½¿ã£ã¦ã»ã‹ã®ãƒ–ãƒ©ã‚¦ã‚¶ã¸ãƒ¦ãƒ¼ã‚¶ã®ç›®ã‚’å‘ã‘ã•ã›ã‚ˆã†ã¨ã„ã†ã‚‚ã®ã€‚åŒæ§˜ã®å–ã‚Šçµ„ã¿ã¯ã™ã§
dazed 2011/01/17
ie

browser

bug

security

html

css

javascript
ãƒªãƒ³ã‚¯
XSSã®æ”»æ’ƒæ‰‹æ³•ã„ã‚ã„ã‚ - ã†ãªã®æ—¥è¨˜
html5securityã®ã‚µã‚¤ãƒˆã«ã€XSSã®å„ç¨®æ”»æ’ƒæ‰‹æ³•ãŒã¾ã¨ã‚ã‚‰ã‚Œã¦ã„ã‚‹ã®ã‚’ç™ºè¦‹ã›ã‚Š!ã¨ã„ã†ã“ã¨ã§ã€å€‹äººçš„ã«ã€ŒãŠ!ã€ã¨æ€ã£ãŸæ”»æ’ƒã‚’ã‚µãƒ³ãƒ—ãƒ«ã¤ãã§ã”ç´¹ä»‹ã—ã¾ã™ã€‚ 1. CSS Expression IE7ä»¥å‰ã«ã¯ã€ŒCSS Expressionsã€ã¨ã„ã†æ‹¡å¼µæ©Ÿèƒ½ãŒã‚ã‚Šã€CSSå†…ã§JavaScriptã‚’å®Ÿè¡Œã§ããŸã‚Šã—ã¾ã™ã€‚ <div style="color:expression(alert('XSS'));">a</div> ç¢ºèª @IT -ï¼»æŸ”è»Ÿã™ãŽã‚‹ï¼½IEã®CSSè§£é‡ˆã§èµ·ã“ã‚‹XSS ã§è©³ã—ãè§£èª¬ã•ã‚Œã¦ã„ã¾ã™ãŒã€CSSã®è§£é‡ˆãŒæŸ”è»Ÿãªã“ã¨ã¨ã‚‚ã‚ã„ã¾ã£ã¦è‡ªå‰ã§ç„¡å®³åŒ–ã™ã‚‹ã®ã¯ãªã‹ãªã‹å›°é›£ã€‚ä»¥ä¸‹ã®ã‚ˆã†ãªã‚³ãƒ¼ãƒ‰ã§ã‚‚ã‚¹ã‚¯ãƒªãƒ—ãƒˆãŒå®Ÿè¡Œã•ã‚Œã¦ã—ã¾ã„ã¾ã™ã€‚ <div style="color:expr/* ã‚³ãƒ¡ãƒ³ãƒˆã®æŒ¿å…¥ */ession(alert('XSS'));">a</div> ç¢ºèª <div s
dazed 2010/06/20
javascript

css

xss

security
ãƒªãƒ³ã‚¯
æ¥½å¤©ad4Uã§æ‚ªç”¨ã•ã‚ŒãŸCSSã®ä»•æ§˜æ€§ã€AppleãŒSafari 5.0ã§ä¿®æ£ | ã‚¹ãƒ©ãƒ‰ ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ä¸€æ˜¨æ—¥10æœˆã®ã‚¹ãƒˆãƒ¼ãƒªãƒ¼ã€Œæ¥½å¤©ãƒ»ãƒ‰ãƒªã‚³ãƒ ã®è¡Œå‹•ã‚¿ãƒ¼ã‚²ãƒƒãƒ†ã‚£ãƒ³ã‚°åºƒå‘Šã€HTML/CSSä»•æ§˜ã®ä¸å‚™ã‚’çªã„ã¦è¨ªå•å…ˆã‚µã‚¤ãƒˆã‚’èª¿æŸ»ã€ã§è©±é¡Œã«ãªã£ãŸCSSã®ä»•æ§˜ã«ã¤ã„ã¦ã€ä»Šæœˆ11æ—¥ã«ãƒªãƒªãƒ¼ã‚¹ã•ã‚ŒãŸSafari 5.0ã§å¤‰æ›´ã•ã‚ŒãŸã€‚ Appleã®ãƒªãƒªãƒ¼ã‚¹ã€ŒSafari 5.0 ãŠã‚ˆã³ Safari 4.1 ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã«ã¤ã„ã¦ã€ãŒæ¬¡ã®ã‚ˆã†ã«è¿°ã¹ã¦ã„ã‚‹ã€‚ å¯¾è±¡ã¨ãªã‚‹ãƒãƒ¼ã‚¸ãƒ§ãƒ³ï¼šMac OS X v10.4.11ã€Mac OS X Server v10.4.11ã€Mac OS X v10.5.8ã€Mac OS X Server v10.5.8ã€Mac OS X v10.6.2 ä»¥é™ã€Mac OS X Server v10.6.2 ä»¥é™ã€Windows 7ã€Vistaã€XP SP2 ä»¥é™ å½±éŸ¿ï¼šæ‚ªæ„ã‚’æŒã£ã¦ä½œæˆã•ã‚ŒãŸ Web ã‚µã‚¤ãƒˆã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€ãƒ¦ãƒ¼ã‚¶ãŒã‚¢ã‚¯ã‚»ã‚¹ã—ãŸã‚µã‚¤ãƒˆã‚’ç‰¹å®šã§ãã‚‹å¯èƒ½æ€§ãŒã‚
dazed 2010/06/14
safari

security

css
ãƒªãƒ³ã‚¯
CSS ã® visited ã‚’åˆ©ç”¨ã—ã¦ãƒ–ãƒ©ã‚¦ã‚¶ã®è¨ªå•å±¥æ´ã‚’å–å¾—ã•ã‚Œã†ã‚‹ãƒ¦ãƒ¼ã‚¶ã¯ 76 % ä»¥ä¸Šã«ä¸Šã‚‹ | ã‚¹ãƒ©ãƒ‰ ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
CSS ã® visited ã‚’åˆ©ç”¨ã—ã¦ãƒ–ãƒ©ã‚¦ã‚¶ã®è¨ªå•å±¥æ´ã‚’å–å¾—ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã“ã¨ã¯å¤ãã‹ã‚‰çŸ¥ã‚‰ã‚Œã¦ã„ã‚‹ãŒã€76 % ä»¥ä¸Šã‚‚ã®ãƒ¦ãƒ¼ã‚¶ãŒã“ã®æ‰‹æ³•ã§å±¥æ´ã‚’å–å¾—ã•ã‚Œã†ã‚‹çŠ¶æ…‹ã«ã‚ã‚‹ã“ã¨ãŒæ˜Žã‚‰ã‹ã«ãªã£ãŸã¨ã®ã“ã¨ (æœ¬å®¶ /. è¨˜äº‹ã‚ˆã‚Š)ã€‚ What the Internet Knows About You ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆãŒè¡Œã£ãŸã“ã®èª¿æŸ»ã§ã¯ 5,000 ã®äººæ°—ã‚µã‚¤ãƒˆã‹ã‚‰ãƒ¦ãƒ¼ã‚¶ã®è¨ªå•å±¥æ´ãŒã‚ã‚‹ã‚µã‚¤ãƒˆã‚’æ¤œå‡ºã™ã‚‹ã¨ã„ã†å®Ÿé¨“ã‚’è¡Œã„ã€243,068 ãƒ¦ãƒ¼ã‚¶ãŒã“ã‚Œã«å‚åŠ ã—ãŸ (ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®å®Ÿé¨“ãƒšãƒ¼ã‚¸ã¯ã“ã¡ã‚‰) ã€‚ èª¿æŸ»ã§ã¯å¹³å‡ 63 ã®è¨ªå•å±¥æ´ (13 ã‚µã‚¤ãƒˆ + 50 ã®ã‚µã‚¤ãƒˆå†…ã‚µãƒ–ãƒšãƒ¼ã‚¸) ã‚’æ¤œå‡ºã—ãŸã¨ã®ã“ã¨ã€‚ç‰¹ã« Safari ã‚„ Chrome ãªã©æœ€è¿‘ã®ãƒ–ãƒ©ã‚¦ã‚¶ã§è¨ªå•å±¥æ´ãŒå–å¾—ã•ã‚Œã‚„ã™ã„å‚¾å‘ãŒè¦‹ã‚‰ã‚Œã€Safari ã§ã¯ 82 %ã€Chrome ã§ã¯ 94 % ã®ãƒ¦ãƒ¼ã‚¶ãŒå±¥æ´ã‚’å–å¾—ã•ã‚Œã†ã‚‹çŠ¶æ…‹ã«ã‚ã£ãŸã¨ã„
dazed 2010/05/21
browser

safari

chrome

css

security
ãƒªãƒ³ã‚¯
XSS (Cross Site Scripting) Cheat Sheet
XSS (Cross Site Scripting) Cheat Sheet Esp: for filter evasion By RSnake Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to
dazed 2010/05/11
xss

javascript

css

security

hack
ãƒªãƒ³ã‚¯
What the Internet knows about you
é«˜éº—äººå‚ã¯ã€å’Œåã§ã‚ªã‚¿ãƒãƒ‹ãƒ³ã‚¸ãƒ³ã¨ã‚‚å‘¼ã°ã‚Œã¦ã„ã‚‹å¥åº·é£Ÿå“ã§ã™ã€‚ ä¸»ã«ã‚¦ã‚³ã‚®ç§‘ã®è–¬ç”¨æ¤ç‰©ã®æ ¹ã£ã“ã‚’æŒ‡ã—ã¾ã™ã€‚ ã‚µãƒãƒ‹ãƒ³ã¨ã„ã†æœ‰ç”¨æˆåˆ†ãŒè±Šå¯Œã«å«ã¾ã‚Œã¦ãŠã‚Šã€æ§˜ã€…ãªç›®çš„ã«æ´»ç”¨ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã‚‹å¥åº·ç´ æã§ã™ã€‚ é«˜éº—äººå‚ã«ã¯ã€å¤šã„ã‚‚ã®ã§ç´„40ç¨®é¡žã«ã‚‚ã®ã¼ã‚‹ã‚µãƒãƒ‹ãƒ³ãŒå«ã¾ã‚Œã¦ã„ã¦ã€ãã‚Œã‚‰ãŒè¤‡åˆçš„ã«åƒãã“ã¨ã§èº«ä½“çš„ãƒ»ç²¾ç¥žçš„ã«æ§˜ã€…ãªãƒ‘ãƒ¯ãƒ¼ã‚’æ„Ÿã˜ã‚‹ã“ã¨ãŒã§ãã‚‹ã®ã§ã™ã€‚ å¥åº·ç¶æŒã«ã¯ã‚‚ã¡ã‚ã‚“ã€ç¾Žå®¹ã«ã‚‚æ´»ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ ã“ã®ãƒ–ãƒã‚°ã§ã¯ã€ãã‚“ãªé«˜éº—äººå‚ã®ä½¿ã„æ–¹ã‚„é¸ã³æ–¹ã‚’ã‚µãƒãƒ¼ãƒˆã€‚ ã•ã‚‰ã«ã€äººæ°—ã®ã‚ã‚‹ã‚µãƒ—ãƒªãƒ¡ãƒ³ãƒˆã‚’è©³ç´°ã«æ¤œè¨¼ã—ã¾ã—ãŸï¼ ãƒ©ãƒ³ã‚ãƒ³ã‚°ã§ã¯ã€æœ¬å½“ã«å„ªç§€ãªè£½å“ã ã‘ã‚’æŽ²è¼‰ï¼ ã€ŒåŠ¹æžœãªã—ï¼Ÿã€ã®çœŸå½ã‚’ç¢ºèªã—ã¦ã„ã¾ã™ã€‚ é«˜éº—äººå‚ã¯ã€å¤ãã‹ã‚‰ã‚¢ã‚¸ã‚¢ã§æ„›ç”¨ã•ã‚Œç¶šã‘ã¦ã„ã‚‹æ¼¢æ–¹è–¬ãƒ»ç”Ÿè–¬ã§ã™ã€‚ æ¼¢æ–¹ã®ä¸–ç•Œã§ã¯ä¸Šè–¬ã¨ã„ã†ã€Œè³ªã®é«˜ã„æ¼¢æ–¹ã€ã«ä½ç½®ä»˜ã‘ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ ä¸Šè–¬ã®ç‰¹å¾´ã¯ãƒ»ãƒ»ãƒ» ã€Œé•·æœŸé–“ã«ã‚ãŸã‚Šä½¿ã„ç¶šã‘ã‚‹ã“ã¨ã§ã€å®Ÿæ„Ÿåº¦
dazed 2009/09/03
javascriptç„¡åŠ¹ã§ã‚‚å‹•ä½œã€‚ä»•æ§˜èª¬æ˜Žãƒšãƒ¼ã‚¸â†’http://whattheinternetknowsaboutyou.com/docs/details.html

security

browser

web

css

javascript
ãƒªãƒ³ã‚¯
é«˜æœ¨æµ©å…‰ï¼ è‡ªå®…ã®æ—¥è¨˜ - æ¥½å¤©ad4Uã®éš ã—ãƒªãƒ³ã‚¯ã‚’éœ²å‡ºã•ã›ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚¹ã‚¿ã‚¤ãƒ«ã‚·ãƒ¼ãƒˆ
â– æ¥½å¤©ad4Uã®éš ã—ãƒªãƒ³ã‚¯ã‚’éœ²å‡ºã•ã›ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚¹ã‚¿ã‚¤ãƒ«ã‚·ãƒ¼ãƒˆ è„†å¼±æ€§ã‚’çªã„ã¦ãƒ–ãƒ©ã‚¦ã‚¶ã®é–²è¦§å±¥æ´ã‚’èª¿ã¹ã‚‹ã¨ã„ã†ç¦ã˜æ‰‹ã«æ‰‹ã‚’å‡ºã—ãŸã€æŽŸç ´ã‚Šã®ï¼ˆè‡ªç§°ã€Œæ¬¡ä¸–ä»£ã€ï¼‰è¡Œå‹•ã‚¿ãƒ¼ã‚²ãƒ†ã‚£ãƒ³ã‚°åºƒå‘Šã€Œæ¥½å¤©ad4Uã€ã«ã¤ã„ã¦ã€amachangã®ã€ŒIEã®innerHTMLã‚„appendChildã§è¦ç´ ãŒæŒ¿å…¥ã•ã‚ŒãŸçž¬é–“ã‚’å–å¾—ã™ã‚‹æ–¹æ³•ã€ã‚’å‚è€ƒã«ã€ãã®éš ã—ãƒªãƒ³ã‚¯ã‚’éœ²å‡ºã•ã›ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚¹ã‚¿ã‚¤ãƒ«ã‚·ãƒ¼ãƒˆã‚’ä½œã£ã¦ã¿ãŸã€‚ï¼ˆInternet Explorerç”¨ã€‚ï¼‰ #ad4u_list { display: expression(function() { if (!this.__mark) { this.__mark = true; // alert(this.innerHTML); var o = '<div style="overflow:scroll; border:dashed 4px red;">'; o = o + this
dazed 2009/08/21
security

rakuten

css

advertising
ãƒªãƒ³ã‚¯
JavaScriptã‚’ä½¿ã‚ãšã«Webãƒ–ãƒ©ã‚¦ã‚¶ã®é–²è¦§å±¥æ´ã‚’ç›—ã‚€ | ã‚¹ãƒ©ãƒ‰ ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
bugzilla.mozilla.org ã§ã¯ JavaScript ã‚’ä½¿ã† exploit ã‚‚ä½¿ã‚ãªã„ exploit ã‚‚ Bug 147777 [mozilla.org] ã¨ã—ã¦æ‰±ã£ã¦ã„ã¾ã™ã€‚ã“ã® bug ã®ã‚³ãƒ¡ãƒ³ãƒˆä¸ã€ JavaScript ã‚’ä½¿ã‚ãªã„ä¾‹ã¯ã€ã¯ã£ãã‚Šã—ãŸã‚‚ã®ã¨ã—ã¦ã¯ 2006 å¹´ 12 æœˆã® Comment 71 [mozilla.org] ãŒåˆå‡ºã§ã—ã‚‡ã†ã‹ã€‚ 2005 å¹´ 6 æœˆã® Comment 48 [mozilla.org] ã‚‚ãã‚Œã£ã½ã„ã§ã™ãŒã€‚ ã¾ã æ£å¼ç‰ˆã©ã“ã‚ã‹ RC ã‚‚å‡ºã¦ã„ãªã„ã®ã§ä¸€èˆ¬ã®äººã«ã¯ãŠå‹§ã‚ã—ã¾ã›ã‚“ãŒã€äººæŸ±ã®äººã¯ Firefox 3.5 Preview ã‚’ä½¿ã£ã¦ about:config ã‹ã‚‰ layout.css.visited_links_enabled ã‚’ false ã«ã™ã‚‹ã¨ã€ãƒªãƒ³ã‚¯ãŒ visited ã‹ã©ã†ã‹ã«ã‚ˆã£ã¦ã‚¹ã‚¿ã‚¤ãƒ«ã‚’å¤‰ãˆã‚‹ã®
dazed 2009/06/15
security

javascript

css
ãƒªãƒ³ã‚¯
ï¼»æŸ”è»Ÿã™ãŽã‚‹ï¼½IEã®CSSè§£é‡ˆã§èµ·ã“ã‚‹XSS
ï¼»æŸ”è»Ÿã™ãŽã‚‹ï¼½IEã®CSSè§£é‡ˆã§èµ·ã“ã‚‹XSSï¼šæ•™ç§‘æ›¸ã«è¼‰ã‚‰ãªã„Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ï¼ˆ3ï¼‰ï¼ˆ1/3 ãƒšãƒ¼ã‚¸ï¼‰ XSSã«CSRFã«SQLã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã«ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒˆãƒ©ãƒãƒ¼ã‚µãƒ«â€¦â€¦Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ãƒ—ãƒã‚°ãƒ©ãƒžãŒçŸ¥ã£ã¦ãŠãã¹ãè„†å¼±æ€§ã¯ã„ã£ã±ã„ã‚ã‚Šã¾ã™ã€‚ãã“ã§æœ¬é€£è¼‰ã§ã¯ã€ãã®ã‚ˆã†ãªãƒ¡ã‚¸ãƒ£ãƒ¼ãªã‚‚ã®â€œä»¥å¤–â€ã‚‚æŽ˜ã‚Šä¸‹ã’ã¦ã„ãã¾ã™ ï¼ˆç·¨é›†éƒ¨ï¼‰ ãªãœã‹å¥¥æ·±ã„IEã®XSSã®è©± çš†ã•ã‚“ã“ã‚“ã«ã¡ã¯ã€ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘ã§ã™ã€‚ ç¬¬1å›žã€Œï¼»ã“ã‚Œã¯ã²ã©ã„ï¼½IEã®å¼•ç”¨ç¬¦ã®è§£é‡ˆã€ã¨ç¬¬2å›žã€Œï¼»ç„¡è¦–ã§ããªã„ï¼½IEã®Content-Typeç„¡è¦–ã€ã§Internet Explorer(IE)ã®ç‹¬è‡ªã®æ©Ÿèƒ½ãŒã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ï¼ˆXSSï¼šcross-site scriptingï¼‰ã‚’å¼•ãèµ·ã“ã™å¯èƒ½æ€§ãŒã‚ã‚‹ã¨ã„ã†ã“ã¨ã«ã¤ã„ã¦èª¬æ˜Žã—ã¦ãã¾ã—ãŸã€‚ ç¬¬3å›žã§ã‚‚å¼•ãç¶šãã€IEç‰¹æœ‰ã®æ©Ÿèƒ½ãŒXSSã‚’å¼•ãèµ·ã“ã™ä¾‹ã¨ã„ã†ã“ã¨ã§ã€
dazed 2009/06/04
security

ie

xss

css
ãƒªãƒ³ã‚¯
ã¾ã ã¾ã ã‚ã‚‹ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°æ”»æ’ƒæ³•
å‰å›žã¯ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã®ãœã„å¼±æ€§ã‚’çªãæ”»æ’ƒã®å¯¾ç–ã¨ã—ã¦ã®HTMLã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã®æœ‰åŠ¹æ€§ã‚’è¿°ã¹ãŸã€‚ãŸã ï¼ŒHTMLã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã ã‘ã§ã¯ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°æ”»æ’ƒã‚’å®Œå…¨ã«é˜²å¾¡ã™ã‚‹ã“ã¨ã¯ã§ããªã„ã€‚ãã“ã§ä»Šå›žã¯ï¼ŒHTMLã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã§å¯¾å‡¦ã§ããªã„ã‚¿ã‚¤ãƒ—ã®ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°æ”»æ’ƒã®æ‰‹å£ã¨ï¼Œãã®å¯¾ç–ã«ã¤ã„ã¦è§£èª¬ã™ã‚‹ã€‚ HTMLã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã§å¯¾å‡¦ã§ããªã„æ”»æ’ƒã«ã¯ï¼Œæ¬¡ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚ã‚‹ã€‚ ã‚¿ã‚°æ–‡å—ã®å…¥åŠ›ã‚’è¨±å®¹ã—ã¦ã„ã‚‹å ´åˆï¼ˆWebãƒ¡ãƒ¼ãƒ«ï¼Œãƒ–ãƒã‚°ãªã©ï¼‰ CSSï¼ˆã‚«ã‚¹ã‚±ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãƒ»ã‚¹ã‚¿ã‚¤ãƒ«ã‚·ãƒ¼ãƒˆï¼‰ã®å…¥åŠ›ã‚’è¨±å®¹ã—ã¦ã„ã‚‹å ´åˆï¼ˆãƒ–ãƒã‚°ãªã©ï¼‰ æ–‡å—ã‚³ãƒ¼ãƒ‰ã‚’æ˜Žç¤ºã—ã¦ã„ãªã„ã‚±ãƒ¼ã‚¹ã§UTF-7æ–‡å—ã‚³ãƒ¼ãƒ‰ã«ã‚ˆã‚‹ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚° <SCRIPT>ã®å†…å®¹ã‚’å‹•çš„ã«ç”Ÿæˆã—ã¦ã„ã‚‹å ´åˆ Aã‚¿ã‚°ãªã©ã®URLã‚’å‹•çš„ã«ç”Ÿæˆã—ã¦ã„ã‚‹å ´åˆæ³¨ï¼‰ ä»¥ä¸‹ã§ã¯ï¼ŒHTMLã‚¿ã‚°ã‚„CSSã®å…¥åŠ›ã‚’è¨±å®¹ã—ã¦ã„ã‚‹å ´åˆã¨ï¼Œæ–‡å—ã‚³ãƒ¼ãƒ‰ã‚’æ˜Ž
dazed 2007/04/17
css

javascript

security

xss
ãƒªãƒ³ã‚¯
1