XSS technique without parentheses
XSS technique without parentheses Tuesday, 1 May 2012 This is a very old technique I discovered years ago which I used to bypass a filter and it’s pretty awesome. It might come in handy to bypass a WAF or filter since it’s not public until now. First you need to understand (which you probably do) that the window object is the default object in JavaScript and every time you execute code it’s like y
XSS Challenge (ã‚»ã‚ュリティ・ミニã‚ャンプ in 岡山 2018 演習コンテンツ) Writeup - Szarny.io
ã¯ã˜ã‚ã« Writeup Case 01: Simple XSS 1 è§£ç” Case 02: Simple XSS 2 è§£ç” Case 03: With htmlspecialchars() è§£ç” Case 04-1: Without any backquotes and HTML tags è§£ç” Case 04-2: Without any backquotes, HTML tags and [ux] è§£ç” Case 05: Without any alphabets è§£ç” Case 06-1: Without any paretheses è§£ç” Case 06-2: Without any parentheses and [oO][nN] è§£ç” Case 06-3: Without any paretheses and .[oO].[nN].* è§£ç” Case 06-4: Withou
Web Application Penetration Testing Notes
XXE#Valid use case#This is a non-malicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml"> ]> <copyright>&c;</copyright> Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml Testing methodology#Once you’ve intercepted the POST to the vulne
XSS Challenge (by y0n3uchy)
Introduction ã“れ㯠セã‚ュリティ・ミニã‚ャンプ in 岡山 2018 ã§æ¼”習コンテンツã¨ã—ã¦ä½¿ç”¨ã•ã‚ŒãŸ, *åˆå¦è€…å‘ã‘* ã® XSS Challenge ã§ã™ã€‚ alert('XSS') 㨠alert(document.domain) ã® 2 ã¤ã‚’, å„ページã§å®Ÿè¡Œã—ã¦ãã ã•ã„。ãŸã ã— document.domain == xss.shift-js.info ã¨ãªã‚‹ã‚ˆã†ã«ã—ã¾ã—ょã†ã€‚特段ã®æŒ‡ç¤ºãŒãªã„é™ã‚Š, 多ãã®å•é¡Œã§ã¯, ユーザーæ“作を必è¦ã¨ã™ã‚‹ã‚‚ã®(e.g. onclick)ã§ã‚‚構ã„ã¾ã›ã‚“。 CTF ã¨é•ã„, 特㫠alert ãŒç”Ÿã˜ã¦ã‚‚ FLAG ãŒè¡¨ç¤ºã•ã‚ŒãŸã‚Šã—ã¾ã›ã‚“ãŒ, alert('XSS') 㨠alert(document.domain) ãŒæ£ã—ã実行ã•ã‚Œã‚‹ã¨, "You win! :-)" ã¨ã ã‘表示ã•ã‚Œã¾ã™ã€‚alert を出ã—ã¦æ¥½ã—ã¿ã¾ã—ょã†ã€‚ã¾ãŸ pu
pixiv Bug Bounty Program 2018 - pixiv inside
ã“ã‚“ã«ã¡ã¯ã€ã‚»ã‚ュリティエンジニアã®koboã§ã™ã€‚ピクシブã§ã¯2016å¹´ã‚ˆã‚Šè„†å¼±æ€§å ±å¥¨é‡‘åˆ¶åº¦ã‚’é‹ç”¨ã—ã¦ã„ã¾ã™ãŒã€2018年度ã«å…¥ã£ã¦ã‹ã‚‰å ±å¥¨é‡‘ã®å¢—é¡ã‚„æ–°ã—ã„プラットフォームã¸ã®å‚å…¥ãªã©ã€ã“ã‚Œã¾ã§ã«å¢—ã—ã¦æ³¨åŠ›ã—ã¦ã„ã¾ã™ã€‚本記事ã§ã¯ã€æœ€è¿‘ã®ãƒ”クシブã®è„†å¼±æ€§å ±å¥¨é‡‘制度ã®å‹•å‘ã¨å®Ÿéš›ã«å ±å‘Šã•ã‚ŒãŸè„†å¼±æ€§ã®ä¾‹ã‚’紹介ã—ã¦ã„ãã¾ã™ã€‚ pixiv Bug Bounty Programã®æ¦‚è¦ æœŸé–“: 2016/04〜 支払ã„済ã¿å ±å¥¨é‡‘ç·é¡: 300万円程度 å ±å‘Šç·æ•°: 294件 ピクシブã§ã¯2å¹´åŠã»ã©ã«æ¸¡ã£ã¦è„†å¼±æ€§å ±å¥¨é‡‘制度を実施ã—ã¦ãã¾ã—ãŸãŒã€2018å¹´ã«å…¥ã£ã¦ã‹ã‚‰è„†å¼±æ€§å ±å‘Šã®ä»¶æ•°ã€ã‚¯ã‚ªãƒªãƒ†ã‚£å‘上ã®ç‚ºã«2ã¤ã®é‡è¦ãªå¤‰æ›´ã‚’è¡Œã„ã¾ã—ãŸã€‚ å ±å¥¨é‡‘ã®å¢—é¡ è„†å¼±æ€§ã‚’å ±å‘Šã™ã‚‹ãƒãƒƒã‚«ãƒ¼ã«å¯¾ã—ã¦ã“ã‚Œã¾ã§ã‚ˆã‚Šã‚‚高ã„インセンティブをæä¾›ã™ã‚‹ã“ã¨ã§å ±å‘Šã‚’促ã™ãŸã‚ HackerOneã¸ã®å‚å…¥ 世界最大ã®ãƒã‚°ãƒã‚¦ãƒ³ãƒ†ã‚£ãƒ—ラットフォーãƒ
WebUSBã§ãƒ¬ã‚¤ãƒ¤ãƒ¼ãŒä½Žã¾ã‚‹Web開発(Shibuya.XSS版)
Chrome 61ã‹ã‚‰ä½¿ãˆã‚‹ã‚ˆã†ã«ãªã£ãŸWebUSB APIを使ã£ã¦USBデãƒã‚¤ã‚¹ã¨ä¼šè©±ã™ã‚‹æ–¹æ³•ã‚’解説ã—ã¾ã™ã€‚ ã“ã‚Œã¯2017å¹´12月13æ—¥ã«è¡Œã‚れ㟠Shibuya.XSS techtalk #10 ã®ç™ºè¡¨è³‡æ–™ã§ã™ã€‚ ã“ã‚Œã¯2017å¹´9月23æ—¥ã«è¡Œã‚れ㟠第3回 カーãƒãƒ«ï¼VM探検隊@北陸ã§ã®ç™ºâ€¦
ImageMagickを使ã†Webアプリã®ã‚»ã‚ュリティ - 3. XSS・アクセス制御 - MBSD
本記事ã¯ImageMagick関連ã®è¨˜äº‹ã®3本目ã§ã™ã€‚ImageMagickã®æ—¢çŸ¥ã®è„†å¼±æ€§ã€ã‚·ã‚¹ãƒ†ãƒ æƒ…å ±ã®æ¼æ´©ãªã©ã®å•é¡Œã‚’扱ã£ãŸ1ã¤ç›®ã®è¨˜äº‹ã€DoSを扱ã£ãŸ2ã¤ç›®ã®è¨˜äº‹ã‚‚å‚ç…§ãã ã•ã„。 最終ã¨ãªã‚‹3回目ã®ä»Šå›žã¯ã€XSSã¨ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã‚’å–り上ã’ã¾ã™ã€‚å‰æã¨ã™ã‚‹ç’°å¢ƒãªã©ã¯å‰å›žãƒ»å‰ã€…回ã¨åŒã˜ã§ã™ã€‚ ※ 記事ä¸ã§ã¯å³ã®ç•¥èªžã‚’使ã£ã¦ã„ã¾ã™ã€‚ IM = ImageMagickã€CW = CarrierWave アクセス制御ã®ä¸å‚™ åˆå›žã®è¨˜äº‹ã§è¿°ã¹ãŸã‚ˆã†ã«ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®çŠ¶æ…‹ã®CWã¯å…¬é–‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚ŒãŸãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç½®ãã¾ã™ã€‚ファイルã®æœ€çµ‚çš„ãªä¿å˜å‰ã«ä¸€æ™‚çš„ã«ä½œæˆã•ã‚Œã‚‹ã‚ャッシュもåŒæ§˜ã§ã™ã€‚ ã“れらã®ãƒ•ã‚¡ã‚¤ãƒ«ã¯URLを推測ã§ãã‚Œã°èª°ã§ã‚‚å‚ç…§å¯èƒ½ã§ã™ã€‚
ブラウザ上ã§Markdownを安全ã«å±•é–‹ã™ã‚‹ - 葉ã£ã±æ—¥è¨˜
ä¸ç‰¹å®šã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒå…¥åŠ›ã—ãŸMarkdownをブラウザ上ã§JavaScriptを使ã£ã¦HTMLã«å¤‰æ›ã™ã‚‹ã¨ã„ã†å ´é¢ã«ãŠã„ã¦ã¯ã€JavaScriptã§å¤‰æ›ã—ã¦HTMLを生æˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã®éƒ½åˆä¸Šã©ã†ã—ã¦ã‚‚DOM-based XSSã®ç™ºç”Ÿã‚’考ãˆãªã„ã‚ã‘ã«ã¯ã„ã‹ãªã„。ã‹ã¨ã„ã£ã¦ã€Markdownをパースã—HTMLを生æˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã™ã¹ã¦ã‚’XSSãŒå˜åœ¨ã—ãªã„よã†ã«æ³¨æ„ã—ãªãŒã‚‰è‡ªåˆ†ã§æ›¸ãã®ã‚‚大変ã ã—ã€markedã‚„markdown-jsãªã©ã®æ—¢å˜ã®å¤‰æ›ç”¨ã®JSã‚’æŒã£ã¦ãã¦ã‚‚ãれらãŒXSSã—ãªã„ã‹ã‚’確èªã™ã‚‹ã®ã¯çµæ§‹å¤§å¤‰ã ã£ãŸã‚Šã™ã‚‹ã€‚ ãã†ã„ã£ãŸå ´åˆã«ã¯ã€Markdownã‹ã‚‰ç”Ÿæˆã•ã‚ŒãŸHTMLã‚’RickDOMを通ã™ã“ã¨ã§ã€ä¸‡ãŒä¸€HTML内ã«JavaScriptãŒå«ã¾ã‚Œã¦ã„ãŸã¨ã—ã¦ã‚‚ãれらを除外ã—ã€è¨±å¯ã•ã‚ŒãŸè¦ç´ ã€è¨±å¯ã•ã‚ŒãŸå±žæ€§ã ã‘ã§æ§‹ç¯‰ã•ã‚ŒãŸå®‰å…¨ãªHTMLã«å†æ§‹ç¯‰ã™ã‚‹ã“ã¨ãŒã§ãる。ã•ã‚‰ã«ã€ãã†ã‚„ã£ã¦ç”Ÿæˆ
Vue.js 㧠XSS を作り込ã¾ãªã„ãŸã‚ã«æ°—を付ã‘ã‚‹ã“㨠- ã‚»ã‚ュアスカイプラス
ã¯ã˜ã‚ã« ã¯ã˜ã‚ã¾ã—ã¦ã€ç¦å²¡ã‚ªãƒ•ã‚£ã‚¹ã§åƒã„ã¦ã„ã‚‹å‰å¹³ã§ã™ã€‚ ã‚»ã‚ュアスカイ・テクノãƒã‚¸ãƒ¼ã§ã¯ã€ã™ã§ã«ã„ãã¤ã‹ã®ã‚«ãƒ†ã‚´ãƒªã®ãƒ–ãƒã‚°ã‚’発信ã—ã¦ã„ã¾ã™ãŒã€æŠ€è¡“を気軽ã«ç™ºä¿¡ã—ãŸã‚Šã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãŒæ™®æ®µã®æ¥å‹™ã§ã©ã®ã‚ˆã†ãªæŠ€è¡“ã«è§¦ã‚Œã¦ã„ã‚‹ã®ã‹ã‚’紹介ã—ãŸã‚Šã™ã‚‹ã“ã¨ã‚’目的ã¨ã—ã¦ã€æ–°ã—ã「エンジニアブãƒã‚°ã€ãŒç«‹ã¡ä¸ŠãŒã‚Šã¾ã—ãŸã€‚ 本記事ã§ã¯ã€æœ€è¿‘ã«ãªã£ã¦ã‚ˆã†ã‚„ã (æ±—) 検証ã—㟠Vue.js ã§ã®ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ティング (XSS) ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ ãªãŠã€æœ¬è¨˜äº‹ã®å†…容ã¯ç§è¦‹ã«åŸºã¥ãã‚‚ã®ã§ã‚ã‚Šã€æ‰€å±žçµ„織を代表ã™ã‚‹ã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 å‰æ 本記事ã§ã¯ Vue.js を使ã£ã¦ XSS ã®è„†å¼±æ€§ã‚’作ã£ã¦ã—ã¾ã†ã‚ˆã†ãªã‚±ãƒ¼ã‚¹ã‚’説明ã—ã¾ã™ãŒã€ãã®ä»–ã® JavaScript ã®ãƒ©ã‚¤ãƒ–ラリ/フレームワークを使ã£ãŸå ´åˆã§ã‚‚åŒæ§˜ã®ãƒªã‚¹ã‚¯ãŒã‚ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚ 検証ã§åˆ©ç”¨ã—ãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ Vue.js v2.5.16 (サ
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)
A few months ago, I used Google Maps. Or maybe Google Street View, I love Street View, it’s like a retrofuturistic way to teleport. Routinely, I looked at the address bar. Since sometime in 2014, parameters are not the mere query string they used to be. Instead, it’s a weird mash of alphanumeric characters separated by exclamation points. It’s abstruse, it has no public documentation whatsoever, i
Masato Kinugawa Security Blog: CVE-2018-5175: Firefoxã§CSPã®strict-dynamicãƒã‚¤ãƒ‘ス
English version is here: https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html Firefox 60ã§ä¿®æ£ã•ã‚ŒãŸContent Security Policy(CSP)ã®strict-dynamicã‚’ãƒã‚¤ãƒ‘スã§ããŸè„†å¼±æ€§ã«ã¤ã„ã¦æ›¸ãã¾ã™ã€‚ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Stealing Amazon EC2 Keys via an XSS Vulnerability
XSS-Payloads/Without-Parentheses.md at master · RenwaX23/XSS-Payloads
Yet Another Chrome XSS Auditor Bypass - pythech's Blog
PayloadsAllTheThings/XSS injection at master · swisskyrepo/PayloadsAllTheThings · GitHub
Unleashing an Ultimate XSS Polyglot
5 Practical Scenarios for XSS Attacks | Pentest-Tools.com Blog
CTFtime.org / Meepwn CTF Quals 2018 / Grandline / Writeup
Amazon.co.jp: XSS Attacks: Cross Site Scripting Exploits and Defense (English Edition): Fogie, Seth: Digital Ebook Purchas
Cyber Security Services
{{#tags}}- {{label}}
{{/tags}}