[B! svg] hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

hasegawayosuke id:hasegawayosuke

svgã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (6)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

SVG - Exploiting Browsers without Image Parsing Bugs
SVG Exploiting Browsers without Image Parsing Bugs Rennie deGraaf iSEC Partners 07 August 2014 Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 1 / 55 Outline 1 A brief introduction to SVG What is SVG? Using SVG with HTML SVG features 2 Attacking SVG Attack surface Security model Security model violations 3 Content Security Policy A brief introduction CSP Violations 4 Conclusion Rennie deGr
hasegawayosuke 2014/10/06
csp

xss

svg
ãƒªãƒ³ã‚¯
SVG Fun Time - Firefox SVG Vector + Bypassing Chrome XSS Auditor
SVG Fun Time - Firefox SVG Vector + Bypassing Chrome XSS Auditor I played around with SVG and the <use> element and found some interesting things, which I want to share. I do not know if anyone already posted some information about that. Let me know, if there is already information out there :) ====================== SVG - <use> element ====================== The <use> element is used in SVG to re
hasegawayosuke 2014/02/05
xss

firefox

chrome

svg
ãƒªãƒ³ã‚¯
Scriptless Attacks â€“ Stealing the Pie Without Touching the Sill
Scriptless Attacks â€“ Stealing the Pie Without Touching the Sill Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, JÃ¶rg Schwenk Horst GÃ¶rtz Institute for IT-Security Ruhr-University Bochum, Germany {firstname.lastname}@rub.de ABSTRACT Due to their high practical impact, Cross-Site Scripting (XSS) attacks have attracted a lot of attention from the security community members. In the sa
hasegawayosuke 2013/09/16
css

mario

svg

security

html5
ãƒªãƒ³ã‚¯
Scriptless Attacks - Stealing the Pie without touching the Sill
Scriptless Attacks - Stealing the Pie without touching the Sill - The document discusses scriptless attacks that can bypass traditional XSS defenses like NoScript and XSS filters by leveraging new HTML5 and CSS features. - It presents several proof-of-concept attacks including using CSS to steal passwords, using SVG fonts to brute force CSRF tokens, and using custom fonts to leak sensitive informa
hasegawayosuke 2013/09/16
css

mario

html5

security

svg
ãƒªãƒ³ã‚¯
https://html5sec.org/webkit/test
hasegawayosuke 2011/12/21
"How to analyze HTML/XML attribute values with CSS (Webkit only) http://bit.ly/tu6yTF // PoC" https://twitter.com/#!/0x6D6172696F/status/149405649661464577

css

svg

security

html5
ãƒªãƒ³ã‚¯
The Image that called me - Active Content Injection with SVG Files
The Image that called me - Active Content Injection with SVG Files Mario Heiderich gave a presentation on active content injection using SVG files. He discussed how SVG files are XML-based and support scripting, allowing execution of JavaScript. This enables security issues like XSS. Browser implementations of SVG are inconsistent, with different levels of script support depending on how SVG files
hasegawayosuke 2011/06/17
xss

svg
ãƒªãƒ³ã‚¯
1