ReDoS 検出ã®æœ€å…ˆç«¯ recheck ã®ç´¹ä»‹ / State of the Art of ReDoS DetectionYAPC::Japan::Online 2022 ã§ã®ç™ºè¡¨è³‡æ–™ã§ã™ã€‚ recheck:
/bin/bash based SSL/TLS tester: testssl.sh
Key features Clear output: you can tell easily whether anything is good or bad Ease of installation: Works for Linux, Mac OSX, FreeBSD, NetBSD and WSL/MSYS2/Cygwin out of the box: no need to install or configure something, no gems, CPAN, pip or the like. OpenBSD only needs bash to be postinstalled. Alternatively a Dockerfile is provided or you can just use docker run --rm -ti drwetter/testssl.sh F
2022å¹´1月ã«ãŠã„ã¦CSRF未対ç–ã®ã‚µã‚¤ãƒˆã¯ã©ã®æ¡ä»¶ã§è¢«å®³ã‚’å—ã‘ã‚‹ã‹
サマリ2020å¹´2月ã«Google Chromeã¯Cookieã®ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®æŒ™å‹•ã‚’samesite=laxã«å¤‰æ›´ã—ã¾ã—ãŸãŒã€2022å¹´1月11æ—¥ã«Firefoxã‚‚åŒæ§˜ã®ä»•æ§˜ãŒå°Žå…¥ã•ã‚Œã¾ã—ãŸã€‚ã“ã®å¤‰æ›´ã¯ãƒ–ラウザå´ã§CSRF脆弱性を緩和ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã€ç‰¹å®šã®æ¡ä»¶ä¸‹ã§ã¯ã€ã‚¦ã‚§ãƒ–サイトå´ã§CSRF対ç–ã‚’ã—ã¦ã„ãªãã¦ã‚‚CSRF攻撃をå—ã‘ãªããªã‚Šã¾ã™ã€‚ã“ã®è¨˜äº‹ã§ã¯ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆsamesite=laxã«ã¤ã„ã¦ã®åŸºç¤Žçš„ãªèª¬æ˜Žã«åŠ ãˆã€æœ€è¿‘ã®ãƒ–ラウザã®æŒ™å‹•ã®é•ã„ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã™ã€‚ (2022å¹´1月29日追記) 本日確èªã—ãŸã¨ã“ã‚ã€Firefoxã«ãŠã‘るデフォルトsamesite=laxã¯ã‚ャンセルã•ã‚Œã€å¾“æ¥ã®æŒ™å‹•ã«æˆ»ã£ãŸã‚ˆã†ã§ã™ï¼ˆFirefox 96.0.3ã«ã¦ç¢ºèªï¼‰ã€‚デフォルトsamesite=lax自体ã¯å…ˆè¡Œã—ã¦Google Chromeã«ã¦å®Ÿè£…ã•ã‚Œã¦ã„ã¾ã—ãŸãŒã€ç´°ã‹ã„挙動ã®å·®ç•°ã§æ—¢å˜ã‚µã‚¤ãƒˆã«ä¸å…·åˆãŒ
Firefox 87 trims HTTP Referrers by default to protect user privacy – Mozilla Security Blog
Firefox 87 trims HTTP Referrers by default to protect user privacy We are pleased to announce that Firefox 87 will introduce a stricter, more privacy-preserving default Referrer Policy. From now on, by default, Firefox will trim path and query string information from referrer headers to prevent sites from accidentally leaking sensitive user data. Referrer headers and Referrer Policy Browsers send
セッションクッã‚ーã®æ‰±ã„を変ãˆã‚‹ã¨ãã¯ãƒ‰ãƒ¡ã‚¤ãƒ³ã®è¨å®šã«æ°—ã‚’ã¤ã‘よã†
利用ã—ã¦ãŸã‚‚ã® PHP(Phalconã§ã™ãŒã€FW関係ãªãèµ·ã“ã‚Šãˆã¾ã™) æ¦‚è¦ å…ˆæ—¥ã€æ—¢å˜ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚¯ãƒƒã‚ーã«secure属性ã ã£ãŸã‚Šã€httponly属性ãŒã¤ã„ã¦ãªã„ã“ã¨ã«æ°—ã¥ãã¾ã—ã¦æ—¢å˜å®Ÿè£…ã‚’ä¿®æ£ã—よã†ã¨ã—ã¦ã„ã¾ã—ãŸã€‚ FWã®æ©Ÿèƒ½ã§ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã«å±žæ€§ã‚’ã¤ã‘ã‚‹ã“ã¨ãŒã§ããªã„ã“ã¨ãŒã‚ã‹ã‚Šã€session_set_cookie_params関数を利用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’入れよã†ã¨ã—ã¾ã—ãŸã€‚ ãã®éš›ã€ç§ã®èªè˜ãŒç”˜ã‹ã£ãŸã“ã¨ã‚‚ã‚ã‚Šã€ãƒ‰ãƒ¡ã‚¤ãƒ³ã«HttpHoståを入れã¾ã—ãŸã€‚ã‹ã¤ã€lifetimeã®å€¤ã«setcookie関数ã¨åŒæ§˜ã«time()を足ã—ã¦ã—ã¾ã„ã¾ã—ãŸã€‚(ãã®çµæžœæœ‰åŠ¹æœŸé™ãŒ2071å¹´ãらã„ã«ãªã‚‹) 何ãŒèµ·ããŸã‹ 元々ã‚ã£ãŸdomain.localhostã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚¯ãƒƒã‚ーã¨.domain.localhostã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚¯ãƒƒã‚ーãŒãƒ–ラウザ内ã«ã§ãã¾ã—ãŸã€‚普通ã¯ã§ããªã„ã¯ãšã ã¨æ€ã†ã®ã§ã™ãŒã€è‰²
About · Container Security Book
Container Security Book âš ï¸ã“ã®æ–‡æ›¸ã¯è£½ä½œä¸ã®ã‚‚ã®ã§ã™ About ã“ã‚Œã‹ã‚‰ Linux コンテナã®ã‚»ã‚ュリティをå¦ã³ãŸã„人ã®ãŸã‚ã®æ–‡æ›¸ã§ã™ã€‚ 普段ã‹ã‚‰ã‚³ãƒ³ãƒ†ãƒŠã‚’扱ã£ã¦ã„ã‚‹ãŒã€ã‚³ãƒ³ãƒ†ãƒŠã®åŸºç¤ŽæŠ€è¡“ã‚„ã‚»ã‚ュリティã«ã¤ã„ã¦ã¯åˆ†ã‹ã‚‰ãªã„ã¨ã„ã†äººãŒã€ãれらをç†è§£ã§ãる足ãŒã‹ã‚Šã«ãªã‚‹ã‚ˆã†ã«æ›¸ã‹ã‚Œã¦ã„ã¾ã™ã€‚ 誤å—脱å—ã‚„é–“é•ã„ãªã©ã‚れ㰠https://github.com/mrtc0/container-security-book ã« Issue ã‚‚ã—ã㯠Pull Request ã‚’ç«‹ã¦ã¦ãã ã•ã„。 ã”æ„見ã€ã”感想ç‰ã¯ Twitter ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚° #container_security ã§ãƒ„イートをãŠé¡˜ã„ã—ã¾ã™ã€‚ License ã“ã®æ›¸ç±ã«è¨˜è¿°ã•ã‚Œã¦ã„ã‚‹ã™ã¹ã¦ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã¯ MIT ライセンスã¨ã—ã¾ã™ã€‚ ã¾ãŸã€æ–‡ç« 㯠Creative Commons Attribution
ブラウザã®Favicon(ファビコン)ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’追跡ã™ã‚‹ã€Œã‚¹ãƒ¼ãƒ‘ークッã‚ーã€ã¨ã¯ï¼Ÿ
ブラウザã®ã‚¿ãƒ–ãªã©ã«è¡¨ç¤ºã•ã‚Œã‚‹Favicon(ファビコン)ã¯ã€ã‚µã‚¤ãƒˆã®ã‚·ãƒ³ãƒœãƒ«ã¨ã—ã¦é‡è¦ãªã‚¢ã‚¤ã‚³ãƒ³ã§ã™ã€‚ã—ã‹ã—ã€ã“ã®ãƒ•ã‚¡ãƒ“コンã«ã¯Cookie(クッã‚ー)ã®ã‚ˆã†ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’追跡å¯èƒ½ãªã€Œã‚¹ãƒ¼ãƒ‘ークッã‚ーã€ã®å•é¡ŒãŒæ½œã‚“ã§ã„ã‚‹ã¨ã€ç ”究者らãŒè¦é˜ã‚’鳴らã—ã¦ã„ã¾ã™ã€‚ Tales of Favicons and Caches – Persistent Tracking in Modern Browsers (PDFファイル)https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf supercookie • workwise https://supercookie.me/workwise ファビコンã¨ã¯ã€ã‚µã‚¤ãƒˆã®ã‚·ãƒ³ãƒœãƒ«ãƒžãƒ¼ã‚¯ã¨ã—ã¦ã‚¿ãƒ–ã‚„URLã®éš£ãªã©ã«è¡¨ç¤ºã•ã‚Œã‚‹å°ã•ãªã‚¢ã‚¤ã‚³ãƒ³ã®ã“ã¨ã§ã™ã€‚ イリノイ大å¦ã‚·ã‚«ã‚´æ ¡ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ¼ç ”ç©¶è€…ã‚‰ã¯2021
DNSpooqã®è„†å¼±æ€§è©³ç´°ã¨æ”»æ’ƒã‚³ãƒ¼ãƒ‰è§£èª¬ - knqyf263's blog
æ¦‚è¦ è¦ç´„ 詳細 背景 å‰æ インターãƒãƒƒãƒˆä¸Šã«å…¬é–‹ã•ã‚ŒãŸdnsmasq LAN内ã®ãƒžã‚·ãƒ³ãŒæ”»æ’ƒè€…ã®æ”¯é…下ã«ã‚ã‚‹ LAN内ã®ãƒžã‚·ãƒ³ã«æ”»æ’ƒè€…管ç†ã®Webサイトを閲覧ã•ã›ã‚‹ã“ã¨ãŒã§ãã‚‹ 影響 ä¸é–“者攻撃 汚染拡大 DDoS/Reverse DDoS CVE-2020-25684: ãƒãƒ¼ãƒˆã®å¤šé‡åŒ– CVE-2020-25685: 脆弱ãªCRC32ã®åˆ©ç”¨ CVE-2020-25686: åŒä¸€ãƒ‰ãƒ¡ã‚¤ãƒ³åã«å¯¾ã™ã‚‹è¤‡æ•°ã‚¯ã‚¨ãƒªç™ºè¡Œ DNSフォワーダã«ãŠã‘るレスãƒãƒ³ã‚¹ã®æœªæ¤œè¨¼ 組ã¿åˆã‚ã›ã‚‹ ドメインåã®ç™»éŒ² ソースIPアドレスã®å½è£… CRC32ã®è¡çª 攻撃ã®æµã‚Œ ブラウザã‹ã‚‰ã®æ”»æ’ƒ 検証端末 攻撃ã®æˆåŠŸç¢ºçŽ‡ PoC fowarder cache attacker 大é‡ã‚¯ã‚¨ãƒªã®é€ä¿¡ å½è£…レスãƒãƒ³ã‚¹ã®é€ä¿¡ 高速化ã®è©± 実行 対ç–ãƒ»ç·©å’Œç– ä½™è«‡ ã¾ã¨ã‚ æ¦‚è¦ å…ˆæ—¥DNSpooqã¨ã„ã†è„†å¼±æ€§ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ ww
VSCodeã®GitHubリãƒã‚¸ãƒˆãƒªã«å¯¾ã™ã‚‹ä¸æ£ãªPushアクセス
ã¯ã˜ã‚ã«Microsoftã¯è„†å¼±æ€§ã®è¨ºæ–行為をセーフãƒãƒ¼ãƒãƒ¼ã«ã‚ˆã‚Šè¨±å¯ã—ã¦ã„ã¾ã™ã€‚ 本記事ã¯ã€ãã®ã‚»ãƒ¼ãƒ•ãƒãƒ¼ãƒãƒ¼ã‚’éµå®ˆã—ãŸä¸Šã§ç™ºè¦‹/å ±å‘Šã—ãŸè„†å¼±æ€§ã‚’解説ã—ãŸã‚‚ã®ã§ã‚ã‚Šã€ç„¡è¨±å¯ã®è„†å¼±æ€§è¨ºæ–行為を推奨ã™ã‚‹äº‹ã‚’æ„図ã—ãŸã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 MicrosoftãŒé‹å–¶/æä¾›ã™ã‚‹ã‚µãƒ¼ãƒ“スã«è„†å¼±æ€§ã‚’発見ã—ãŸå ´åˆã¯ã€Microsoft Bug Bounty Programã¸å ±å‘Šã—ã¦ãã ã•ã„。 è¦ç´„VSCodeã®Issue管ç†æ©Ÿèƒ½ã«è„†å¼±æ€§ãŒå˜åœ¨ã—ã€ä¸é©åˆ‡ãªæ£è¦è¡¨ç¾ã€èªè¨¼ã®æ¬ 如ã€ã‚³ãƒžãƒ³ãƒ‰ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã‚’組ã¿åˆã‚ã›ã‚‹ã“ã¨ã«ã‚ˆã‚ŠVSCodeã®GitHubリãƒã‚¸ãƒˆãƒªã«å¯¾ã™ã‚‹ä¸æ£ãªæ›¸ãè¾¼ã¿ãŒå¯èƒ½ã ã£ãŸã€‚ 発見ã®ãã£ã‹ã‘電車ã«ä¹—ã£ã¦ã„ã‚‹éš›ã«ãµã¨æ€ã„ç«‹ã£ã¦microsoft/vscodeを眺ã‚ã¦ã„ãŸæ‰€ã€CI用ã®ã‚¹ã‚¯ãƒªãƒ—トãŒåˆ¥ã®ãƒªãƒã‚¸ãƒˆãƒª(microsoft/vscode-github-triage-actions)ã«ã¾
SAD DNSã®ICMP rate limitを用ã„ãŸã‚µã‚¤ãƒ‰ãƒãƒ£ãƒãƒ«æ”»æ’ƒã«ã¤ã„㦠- knqyf263's blog
脆弱性ãƒã‚¿ã¯äººæ°—ãŒãªã„ã“ã¨ãŒéŽåŽ»ã®å‚¾å‘ã‹ã‚‰æ˜Žã‚‰ã‹ã§ã™ãŒã€è‡ªåˆ†ãŒéœ‡ãˆã‚‹ã»ã©æ„Ÿå‹•ã—ãŸã®ã§å¿˜ã‚Œãªã„ãŸã‚ã«ã‚‚æ°—åˆã„入れã¦å¤§ä½œã‚’書ãã¾ã—ãŸã€‚ è¦ç´„ 背景 SAD DNSã®è§£èª¬ å…¨ä½“åƒ UDPã®ã‚½ãƒ¼ã‚¹ãƒãƒ¼ãƒˆã«ã¤ã„㦠ICMP rate limit per-IP rate limit global rate limit Public-Facing Source Portã®ã‚¹ã‚ャン Private Source Portã®ã‚¹ã‚ャン 攻撃Windowã®æ‹¡å¼µ サイドãƒãƒ£ãƒãƒ«æ”»æ’ƒã§UDPソースãƒãƒ¼ãƒˆã‚’推測ã—ã¦ã¿ã‚‹ å¯¾ç– æ”»æ’ƒå®Ÿç¾æ€§ ã¾ã¨ã‚ è¦ç´„ ã¡ã‚ƒã‚“ã¨ç†è§£ã™ã‚‹ã®çµæ§‹é›£ã—ã„ã¨ã„ã†è©±ãŒã‚ã£ãŸã®ã§ã€å…ˆã«è¦ç´„ã—ã¦ãŠãã¾ã™ã€‚雰囲気ã ã‘ã§ã‚‚掴んã§ã‚‚らãˆã‚‹ã¨å¬‰ã—ã„ã§ã™ã€‚ DNSã‚ャッシュãƒã‚¤ã‚ºãƒ‹ãƒ³ã‚°ã®æ–°ã—ã„手法ã¨ã—ã¦SAD DNSãŒç™ºè¡¨ã•ã‚ŒãŸ ã‚ャッシュãƒã‚¤ã‚ºãƒ‹ãƒ³ã‚°ã®ãŸã‚ã«ã¯æ¨©å¨DNSサーãƒæ£è¦ã®å¿œç”ã‚’è¿”ã™ã‚ˆã‚Šå…ˆã«æ”»æ’ƒè€…ãŒ
Brian Tracy - copy-paste-shell
Don't Copy Paste Into A ShellWhen you see a shell command on the Internet, do not copy it into your terminal. Modern JavaScript Clipboard APIs allow a website to trivially overwrite what you put inside your clipboard, without the user's confirmation or permission. Here is an example of how easy it is to perform this attack. Imagine that the red text below is a shell command you want to use. Below
CVE-2019-11043:PHP-FPMã«ãŠã‘る脆弱性ã«ã‚ˆã‚Šã€nginxã§ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ãŒå®Ÿè¡Œã•ã‚Œã‚‹å¯èƒ½æ€§ã‚ã‚Š
nginxã¨PHP-FPMを使用ã™ã‚‹Webサーãƒãƒ¼ã¯ã€ç‰¹å®šã®æ¡ä»¶ä¸‹ã§ã“ã®æ¬ 陥ã«å¯¾ã—ã¦è„†å¼±ã§ã™ã€‚ 背景 10月22æ—¥ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ç©¶è€…ã®Omar Ganievæ°ã¯ã€PHPã®FastCGI Process Manager(FPM)ã§ã‚ã‚‹PHP-FPMã«ãŠã‘る「パッãƒãŒé©ç”¨ã•ã‚ŒãŸã°ã‹ã‚Šã€ã®ãƒªãƒ¢ãƒ¼ãƒˆã‚³ãƒ¼ãƒ‰å®Ÿè¡Œã®è„†å¼±æ€§ã«é–¢ã™ã‚‹ãƒ„イートを公開ã—ã¾ã—ãŸã€‚ ã“ã®ãƒ„イートã«ã¯ã€è„†å¼±æ€§ã®æ¦‚念実証(PoC)ãŒå…¬é–‹ã•ã‚ŒãŸGitHubリãƒã‚¸ãƒˆãƒªã¸ã®ãƒªãƒ³ã‚¯ãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ Freshly patched RCE in PHP-FPM:https://t.co/kaVsCStBJx Exploit:https://t.co/VLmhxMWVxo Many nginx+PHP configurations vulnerable, watch out! — BECHED (@ahack_ru) October 22,
Potential bypass of Runas user restrictions (October 14, 2019) - Sudo
Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier. Sudo supports running a command with a user-specified user name or user ID, if permitted by the sudoers policy. For example, the following sudoers entry allow the id command to
SSRF基礎
OWASP Night 2019-09-18 / OWASP Japan
CSRF is (really) dead
Scott Helme Security researcher, entrepreneur and international speaker who specialises in web technologies. More posts by Scott Helme. A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF, you had to enable it on your site
Google Chrome EV表示ã®çµ‚焉 - ã¼ã¡ã¼ã¡æ—¥è¨˜
1. Chrome ã§EV証明書ã®çµ„ç¹”å表示ãŒãªããªã‚‹ ã¤ã„ã«Googleã‹ã‚‰Chromeã®URLãƒãƒ¼ã‹ã‚‰EV表示を削除ã™ã‚‹æ£å¼ãªã‚¢ãƒŠã‚¦ãƒ³ã‚¹ãŒå‡ºã¾ã—ãŸã€‚ Upcoming Change to Chrome's Identity Indicators EV UI Moving to Page Info ç¾åœ¨(2019å¹´8月) Stableã®Chrome76ã§ã¯ã€ä»¥ä¸‹ã®æ§˜ã«URLãƒãƒ¼å·¦å´ã«EV証明書を利用ã—ã¦ã„ã‚‹ã“ã¨ã‚’示ã™ã€Œçµ„ç¹”å+国åã€è¡¨ç¤ºãŒä»˜ã„ã¦ã„ã¾ã™ã€‚ Chrome76ã®EV表示 2019å¹´9月10æ—¥Stableリリース予定ã®Chrome77ã‹ã‚‰ã¯EV表示ãŒURLãƒãƒ¼ã‹ã‚‰å‰Šé™¤ã•ã‚Œã€éµã‚¢ã‚¤ã‚³ãƒ³ã‚’クリックã—ã¦è¡¨ç¤ºã•ã‚Œã‚‹Page Infoã«ã€Œçµ„ç¹”å+国åã€ãŒè¡¨ç¤ºã•ã‚Œã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚ Googleã®ã‚¢ãƒŠã‚¦ãƒ³ã‚¹ã§ã¯ã€ "on certain websites" ã¨æ›¸ã„ã¦ã‚ã‚‹ã“ã¨ã‹ã‚‰ä¸€æ°—ã«ã§ã¯ãªã
How's My SSL?
Your SSL client is Probably Okay. Check out the sections below for information about the SSL/TLS client you used to render this page. Yeah, we really mean "TLS", not "SSL". Version Good Your client is using TLS 1.3, the most modern version of the encryption protocol. It gives you access to the fastest, most secure encryption possible on the web. Learn More Ephemeral Key Support Good Ephemeral keys
AWSã€ä¾µå…¥ãƒ†ã‚¹ãƒˆç”³è«‹ã‚„ã‚ã‚‹ã£ã¦ã‚ˆ - ã¨ã‚る診æ–å“¡ã®å‚™å¿˜éŒ²
先日twitterを見ã¦ã„ãŸã‚‰ã€ã“ã‚“ãªã¤ã¶ã‚„ãã‚’æ‹è¦‹ã—ã¦ã€å€‹äººçš„ã«ä¾µå…¥ãƒ†ã‚¹ãƒˆç”³è«‹ã«ã¯è‰²ã€…æ€ã„入れã®ã‚る身ã§ã‚ã‚‹ãŸã‚ã€ãƒ“ックリã—ãŸã€Œã¨ã‚る診æ–å“¡ã€ã§ã™ã€‚ ã‚れ?AWSã®ä¾µå…¥ãƒ†ã‚¹ãƒˆç”³è«‹ã„らãªããªã‚Šã¾ã—ãŸï¼Ÿ pic.twitter.com/Z6ULU10SMy— 三ツ矢 â—Ž=3 (@328__) March 1, 2019 ã“ã®ãƒ–ãƒã‚°ã§ã‚‚ã¨ã‚Šã‚ã’ã¾ã—ãŸãŒã€ä»Šã¾ã§AWSã¯ãƒšãƒãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãƒ†ã‚¹ãƒˆã‚„脆弱性診æ–ãªã©ã‚’実施ã™ã‚‹éš›ã«ã€AWSå´ã¸ã®äº‹å‰ã®ç”³è«‹ãŒå¿…è¦ã ã£ãŸã®ã§ã™ãŒã€ä»Šå›žãƒãƒªã‚·ãƒ¼ã®å¤‰æ›´ãŒã‚ã£ãŸã‚‰ã—ãã©ã†ã‚„らä¸è¦ã«ãªã£ãŸã‚ˆã†ã§ã™ã€‚ ã¨ã„ã†ã“ã¨ã§ã€ç§ã‚‚自分ã§ç¢ºèªã‚’ã—ã¦ã¿ã¾ã—ãŸã€‚ Penetration Testing - Amazon Web Services (AWS) ç¾åœ¨æ—¥æœ¬èªžç‰ˆã‚µã‚¤ãƒˆã¯ã€ç¿»è¨³ãŒé–“ã«åˆã£ã¦ãªã„よã†ã§ã¾ã æ›´æ–°ã•ã‚Œã¦ãªã„よã†ã§ã™ãŒï¼ˆ2019/3/5確èªï¼‰ã€è‹±èªžç‰ˆã®æ–¹ã¯è¨˜è¼‰å†…容ãŒã‚¬ãƒ©ãƒª
EC2上ã§DNS Rebindingã«ã‚ˆã‚‹SSRF攻撃å¯èƒ½æ€§ã‚’検証ã—ãŸ
AWS EC2環境ã§ã®DNS Rebindingã«ã¤ã„ã¦æ¤œè¨¼ã—ãŸã®ã§ç´¹ä»‹ã—ã¾ã™ã€‚ ã¾ãšã¯ã€ã€Œå‰å›žã¾ã§ã®ãŠã•ã‚‰ã„ã€ã§ã™ã€‚先日以下ã®è¨˜äº‹ã§SSRF攻撃ãŠã‚ˆã³SSRF脆弱性ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã—ãŸã€‚ SSRF(Server Side Request Forgery)徹底入門 ã“ã®è¨˜äº‹ã®ä¸ã§ã€ä»¥ä¸‹ã®ã‚ˆã†ã«ç´¹ä»‹ã—ã¾ã—ãŸã€‚ ホストåã‹ã‚‰IPアドレスを求ã‚ã‚‹éš›ã«ã‚‚以下ã®å•é¡ŒãŒç™ºç”Ÿã—ã¾ã™ã€‚ DNSサーãƒãƒ¼ãŒè¤‡æ•°ã®IPアドレスを返ã™å ´åˆã®å‡¦ç†ã®æ¼ã‚Œ IPアドレスã®è¡¨è¨˜ã®å¤šæ§˜æ€§ï¼ˆå‚考記事) IPアドレスãƒã‚§ãƒƒã‚¯ã¨HTTPリクエストã®ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã®å·®ã‚’悪用ã—ãŸæ”»æ’ƒï¼ˆTOCTOU脆弱性) リクエスト先ã®Webサーãƒãƒ¼ãŒã€æ”»æ’ƒå¯¾è±¡ã‚µãƒ¼ãƒãƒ¼ã«ãƒªãƒ€ã‚¤ãƒ¬ã‚¯ãƒˆã™ã‚‹ 上記ã®TOCTOU(Time of check to time of use)å•é¡Œã¯ã€DNSã®åå‰è§£æ±ºã®æ–‡è„ˆã§ã¯DNS Rebindingã¨ã‚‚呼ã°ã‚Œã¾ã™ã€‚ DNS R
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
CVE-2021-41270: Prevent CSV Injection via formulas (Symfony Blog)
{{#tags}}- {{label}}
{{/tags}}