[B! XSS] hatanaokiã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

hatanaoki id:hatanaoki

XSSã«é–¢ã™ã‚‹hatanaokiã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (10)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

å®Ÿä¾‹ã«å¦ã¶XSSè„†å¼±æ€§ã®ç™ºè¦‹ã¨ä¿®æ£æ–¹æ³•/line_dm 16 20160916 how to find and fix xss
LINE Developer Meetup in Fukuoka #16 http://connpass.com/event/38413/
hatanaoki 2016/10/02
*slide

security

XSS
ãƒªãƒ³ã‚¯
Electronã§ã‚¢ãƒ—ãƒªã‚’æ›¸ãå ´åˆã¯ã€æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’ç™ºç”Ÿã•ã›ãªã„ã‚ˆã†ã«ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ - è‘‰ã£ã±æ—¥è¨˜
ãã®ã†ã¡ã‚‚ã†å°‘ã—ãã¡ã‚“ã¨æ›¸ãã¾ã™ãŒã€ã¨ã‚Šã‚ãˆãšæ™‚é–“ãŒãªã„ã®ã§çµè«–ã ã‘æ›¸ãã¨ã€ã‚¿ã‚¤ãƒˆãƒ«ãŒå…¨ã¦ã§Electronã§ã‚¢ãƒ—ãƒªã‚’æ›¸ãå ´åˆã¯æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’ç™ºç”Ÿã•ã›ãªã„ã‚ˆã†ã«ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ ã“ã‚Œã¾ã§Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ä¸Šã§XSSãŒå˜åœ¨ã—ãŸã¨ã—ã¦ã‚‚ã€å½±éŸ¿ç¯„å›²ã¯ãã®Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®ä¸ã«ç•™ã¾ã‚‹ã®ã§ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®æä¾›å´ãŒãã‚Œã‚’è¨±å®¹ã™ã‚‹ã®ã§ã‚ã‚Œã°XSSã®å˜åœ¨ã«ç›®ã‚’ã¤ã‚€ã‚‹ã“ã¨ã‚‚ã§ããŸã€‚ã—ã‹ã—ã€Electronã‚¢ãƒ—ãƒªã§DOM-based XSSãŒä¸€ã‹æ‰€ã§ã‚‚ç™ºç”Ÿã™ã‚‹ã¨ã€(ãŠãã‚‰ã)ç¢ºå®Ÿã«ä»»æ„ã‚³ãƒ¼ãƒ‰å®Ÿè¡Œã¸ã¨ã¤ãªãŒã‚Šã€åˆ©ç”¨è€…ã®PCã®(ãã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æ¨©é™ã§ã®)å…¨æ©Ÿèƒ½ãŒæ”»æ’ƒè€…ã«ã‚ˆã£ã¦åˆ©ç”¨ã§ãã‚‹ã€‚ ãã®ãŸã‚ã€Electronã§ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä½œæˆã™ã‚‹é–‹ç™ºè€…ã¯æ°—åˆã„ã¨æ ¹æ€§ã§XSSã‚’å®Œå…¨ã«ã¤ã¶ã•ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚ nodeIntegration:falseã‚„Content-Security-Pol
hatanaoki 2015/12/25
Electron

XSS
ãƒªãƒ³ã‚¯
ãƒã‚°ãƒãƒ³ã‚¿ãƒ¼ã®å“€ã—ã¿
12. èª¿æŸ»æ–¹æ³• â¶ URLã®#ä»¥é™ã«U+2028ã¨DOM based XSSãŒèµ·ãå¾—ã‚‹æ–‡å—åˆ—ã‚’ã¤ã‘ã¦ ã¾ã‚ã‚‹ â· å¤‰ãªã‚¨ãƒ©ãƒ¼ãŒã§ãªã„ã‹ã¿ã‚‹ http://host/#[U+2028]'"><svg/onload=alert(1)> 13. ã™ã‚‹ã¨ Benesseã®ã‚µã‚¤ãƒˆã«ãƒ¡ãƒãƒ£æ™®é€šã®DOM based XSSãŒã‚ã£ãŸ https://web.archive.org/web/20130723155109/http://manabi.benes se.ne.jp/#"><svg/onload=alert(1)> function writeAccesskeyForm(){ var htm = ''; var ownURI = location.href; //ç•¥ htm+= '<input type="hidden" name="backurl" value="' + ownURI + '"
hatanaoki 2015/11/21
*slide

security

XSS
ãƒªãƒ³ã‚¯
è‰²ã‚“ãªXSS â€“ nootropic.me
2015/4/16(æœ¨)ï¼šãƒšãƒ¼ã‚¸ã®ä¸€ç•ªä¸‹ã«è¿½è¨˜ã‚’è¨˜è¿°ã—ã¾ã—ãŸã€‚ ãã®æ˜”ã€ãªã‚“ã¨ã‹ã‚ãƒ£ãƒ³ãƒ—ã¨ã„ã†ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ã‚¤ãƒ™ãƒ³ãƒˆã«å‚åŠ ã—ãŸæ™‚ã€Œã‚¢ã‚¦ãƒˆãƒ—ãƒƒãƒˆãŒå¤§äº‹ã€ã¨è¨€ã‚ã‚ŒãŸã®ã‚’æ€ã„å‡ºã—ã¾ã—ãŸã€‚ ã§ã‚‚ã€æ™®é€šè‡ªåˆ†ã®è¦‹ã¤ã‘ãŸçŸ¥è˜ã¯å¾Œç”Ÿå¤§äº‹ã«æŠ±ãˆã¦ãŠããŸã„ã‚‚ã‚“ã ã¨æ€ã„ã¾ã™ã€‚ ãã“ã§ä»Šå›žã¯ãã†ã„ã£ãŸä½•ã‹ã—ã‚‡ãƒ¼ã‚‚ãªã„ã‚‚ã®ã‚’æ¨ã¦ã‚‹ã¹ãã€æºœã‚è¾¼ã‚“ã è‰²ã‚“ãªXSSã®PoCã‚’å°‘ã—æ›¸ãå‡ºã—ã¦ã¾ã¨ã‚ã¾ã—ãŸã€‚ ä»Šã¾ã§è‡ªåˆ†ã§è¦‹ã¤ã‘ãŸã‚‚ã®ã‚„æµ·å¤–ã®Security Researcheré”ã‹ã‚‰åŽé›†ã—ãŸã‚‚ã®ã‚‚ã‚ã‚Šã¾ã™ã€‚ ã•ã¦ã€ä»Šå›žãƒªã‚¹ãƒˆã‚¢ãƒƒãƒ—ã—ãŸPoCã®è¦‹æ–¹ã§ã™ãŒã„ãã¤ã‹ã®é …ç›®ãŒã‚ã‚Šã¾ã™ã€‚ ä¸€ç•ªä¸Šã®ã€Œæ‰‹æ³•ã€ã¯ã‚¿ã‚¤ãƒˆãƒ«ã¿ãŸã„ãªã‚‚ã®ã ã¨æ€ã£ã¦ä¸‹ã•ã„ã€‚ äºŒç•ªç›®ã®ã€ŒPoCã€ã¯ã‚¹ã‚¯ãƒªãƒ—ãƒˆã‚’å®Ÿè¡Œã™ã‚‹ç‚ºã®ã‚³ãƒ¼ãƒ‰ã§ã™ã€‚æ®†ã©ãŒã‚¢ãƒ©ãƒ¼ãƒˆãŒå‡ºã‚‹ã ã‘ã®ã‚¹ã‚¯ãƒªãƒ—ãƒˆã®ç‚ºå±é™ºãªã‚³ãƒ¼ãƒ‰ã¯ç„¡ã„ã¤ã‚‚ã‚Šã§ã™ãŒã”è‡ªåˆ†ã®ãƒ–ãƒ©ã‚¦ã‚¶ã§å®Ÿè¡Œã™ã‚‹éš›ã¯è‡ªå·±è²¬ä»»ã§ãŠé¡˜ã„ã—ã¾ã™ã€‚ãƒªãƒ³ã‚¯ã‚’ã‚¯ãƒªãƒƒ
hatanaoki 2015/04/14
security

XSS
ãƒªãƒ³ã‚¯
ãƒ–ãƒ©ã‚¦ã‚¶ä¸Šã§Markdownã‚’å®‰å…¨ã«å±•é–‹ã™ã‚‹ - è‘‰ã£ã±æ—¥è¨˜
ä¸ç‰¹å®šã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒå…¥åŠ›ã—ãŸMarkdownã‚’ãƒ–ãƒ©ã‚¦ã‚¶ä¸Šã§JavaScriptã‚’ä½¿ã£ã¦HTMLã«å¤‰æ›ã™ã‚‹ã¨ã„ã†å ´é¢ã«ãŠã„ã¦ã¯ã€JavaScriptã§å¤‰æ›ã—ã¦HTMLã‚’ç”Ÿæˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã®éƒ½åˆä¸Šã©ã†ã—ã¦ã‚‚DOM-based XSSã®ç™ºç”Ÿã‚’è€ƒãˆãªã„ã‚ã‘ã«ã¯ã„ã‹ãªã„ã€‚ã‹ã¨ã„ã£ã¦ã€Markdownã‚’ãƒ‘ãƒ¼ã‚¹ã—HTMLã‚’ç”Ÿæˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã™ã¹ã¦ã‚’XSSãŒå˜åœ¨ã—ãªã„ã‚ˆã†ã«æ³¨æ„ã—ãªãŒã‚‰è‡ªåˆ†ã§æ›¸ãã®ã‚‚å¤§å¤‰ã ã—ã€markedã‚„markdown-jsãªã©ã®æ—¢å˜ã®å¤‰æ›ç”¨ã®JSã‚’æŒã£ã¦ãã¦ã‚‚ãã‚Œã‚‰ãŒXSSã—ãªã„ã‹ã‚’ç¢ºèªã™ã‚‹ã®ã¯çµæ§‹å¤§å¤‰ã ã£ãŸã‚Šã™ã‚‹ã€‚ ãã†ã„ã£ãŸå ´åˆã«ã¯ã€Markdownã‹ã‚‰ç”Ÿæˆã•ã‚ŒãŸHTMLã‚’RickDOMã‚’é€šã™ã“ã¨ã§ã€ä¸‡ãŒä¸€HTMLå†…ã«JavaScriptãŒå«ã¾ã‚Œã¦ã„ãŸã¨ã—ã¦ã‚‚ãã‚Œã‚‰ã‚’é™¤å¤–ã—ã€è¨±å¯ã•ã‚ŒãŸè¦ç´ ã€è¨±å¯ã•ã‚ŒãŸå±žæ€§ã ã‘ã§æ§‹ç¯‰ã•ã‚ŒãŸå®‰å…¨ãªHTMLã«å†æ§‹ç¯‰ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã€‚ã•ã‚‰ã«ã€ãã†ã‚„ã£ã¦ç”Ÿæˆ
hatanaoki 2015/01/31
security

XSS

javascript
ãƒªãƒ³ã‚¯
IDEA * IDEA
ãƒ‰ãƒƒãƒˆã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ä»£è¡¨ã®ãƒ©ã‚¤ãƒ•ãƒãƒƒã‚¯ãƒ–ãƒã‚°
hatanaoki 2014/05/30
XSS
ãƒªãƒ³ã‚¯
çŸ¥ã£ã¦ã„ã‚Œã°æããªã„ã€XMLHttpRequestã«ã‚ˆã‚‹XSSã¸ã®å¯¾å¿œæ–¹æ³•
çŸ¥ã£ã¦ã„ã‚Œã°æããªã„ã€XMLHttpRequestã«ã‚ˆã‚‹XSSã¸ã®å¯¾å¿œæ–¹æ³•ï¼šHTML5æ™‚ä»£ã®ã€Œæ–°ã—ã„ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ»ã‚¨ãƒã‚±ãƒƒãƒˆã€ï¼ˆ3ï¼‰ï¼ˆ1/2 ãƒšãƒ¼ã‚¸ï¼‰ é€£è¼‰ç›®æ¬¡ çš†ã•ã‚“ã“ã‚“ã«ã¡ã¯ã€‚ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã®ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘ã§ã™ã€‚å‰å›žã¯ã€åŒä¸€ã‚ªãƒªã‚¸ãƒ³ãƒãƒªã‚·ãƒ¼ã‚’çªç ´ã™ã‚‹æ”»æ’ƒã®ä»£è¡¨çš„äº‹ä¾‹ã§ã‚ã‚‹XSSã«ã¤ã„ã¦ã€ç‰¹ã«DOM based XSSã¨å‘¼ã°ã‚Œã‚‹ã‚‚ã®ã«ã¤ã„ã¦è§£èª¬ã—ã¾ã—ãŸã€‚ä»Šå›žã¯ãã®ç¶šãã¨ã—ã¦ã€XMLHttpRequestã«ã‚ˆã‚‹XSSã‚’è§£èª¬ã—ã¾ã™ã€‚ XHR Level 2ã«ã‚ˆã‚‹ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰ã®ã‚³ãƒ¼ãƒ‰æŒ¿å…¥ã«ã‚ˆã‚‹XSS å¾“æ¥ã€XMLHttpRequestï¼ˆä»¥ä¸‹ã€XHRï¼‰ã¯ã€è¡¨ç¤ºã—ã¦ã„ã‚‹ãƒ‰ã‚ãƒ¥ãƒ¡ãƒ³ãƒˆã¨åŒã˜ã‚ªãƒªã‚¸ãƒ³ï¼ˆã‚ªãƒªã‚¸ãƒ³ã«ã¤ã„ã¦ã¯ç¬¬1å›žã‚’å‚ç…§ï¼‰ã¨ã—ã‹é€šä¿¡ã§ãã¾ã›ã‚“ã§ã—ãŸãŒã€ç¾åœ¨ã®ä¸»è¦ãªãƒ–ãƒ©ã‚¦ã‚¶ãƒ¼ã§ã¯XHR Level 2ã¨å‘¼ã°ã‚Œã‚‹å®Ÿè£…ã«ã‚ˆã‚Šã€ã‚ªãƒªã‚¸ãƒ³ã‚’è¶…ãˆã¦é€šä¿¡ã™ã‚‹ã“ã¨ãŒå¯èƒ½ã«ãªã£ã¦ã„ã¾ã™ã€‚ ã“ã‚Œã¯ã€Jav
hatanaoki 2014/03/18
security

XSS
ãƒªãƒ³ã‚¯
ã‚ˆãã‚ã‹ã‚‹PHPã®æ•™ç§‘æ›¸ PHP5.5å¯¾å¿œç‰ˆã®ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°
ãŸã«ãã¡ã¾ã“ã¨ã•ã‚“ã® ã‚ˆãã‚ã‹ã‚‹PHPã®æ•™ç§‘æ›¸ãŒã“ã®ãŸã³æ”¹ç‰ˆã•ã‚Œã¦ã€ã‚ˆãã‚ã‹ã‚‹PHPã®æ•™ç§‘æ›¸ ã€PHP5.5å¯¾å¿œç‰ˆã€‘ã¨ã—ã¦å‡ºç‰ˆã•ã‚Œã¾ã—ãŸã€‚æ—§ç‰ˆã¯mysqlé–¢æ•°ã‚’ä½¿ã£ã¦SQLå‘¼ã³å‡ºã—ã—ã¦ã„ã¾ã—ãŸãŒã€mysqlé–¢æ•°ãŒPHP5.5ã«ã¦éžæŽ¨å¥¨ã¨ãªã£ãŸãŸã‚ã®ç·Šæ€¥å¯¾å‡¦çš„ãªå†…å®¹ã¨ãªã£ã¦ã„ã‚‹ã‚ˆã†ã§ã™ã€‚ã¤ã¾ã‚Šã€å¾“æ¥mysqlé–¢æ•°ã‚’å‘¼ã³å‡ºã—ã¦ã„ãŸç®‡æ‰€ã‚’mysqliã®å‘¼ã³å‡ºã—ã«å¤‰æ›´ã—ãŸã¨ã„ã†ã®ãŒã€ä¸»ãªå¤‰æ›´ç‚¹ã®ã‚ˆã†ã§ã€ã“ã‚Œä»¥å¤–ã¯ã‚ã¾ã‚Šå¤‰æ›´ç‚¹ã¯è¦‹ã‚ãŸã‚Šã¾ã›ã‚“ã€‚ æ—¢ã«ã€Amazonã§ã¯ã€ç†±çƒˆãªèªè€…ã®æ–¹ã‹ã‚‰ã®è©³ç´°ã®ãƒ¬ãƒ“ãƒ¥ãƒ¼ãŒå±Šã„ã¦ã„ã¾ã™ã€‚ ç¥žæœ¬å¾¡é™è‡¨ï¼ è¨€ã‚ãšã¨çŸ¥ã‚ŒãŸPHPãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°æ›¸ç±ã®ãƒãƒ³ã‚°ã‚»ãƒ©ãƒ¼ã€‚ 2010å¹´9æœˆã«ç™ºå£²ã•ã‚ŒãŸå‰ä½œã®æ”¹è¨‚ç‰ˆã€‚ PHPã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚‚æœ€æ–°ã®5.5ã«å¯¾å¿œã€å†…å®¹ã¯å‰ä½œã¨æ®†ã©åŒã˜ã€‚ å°‘ã—å‰ã«å‰ä½œã‚’è³¼å…¥ã—ãŸæ–¹ã‚‚æœ¬æ›¸ã‚’è³¼å…¥ã—ãŸæ–¹ãŒã„ã„ã§ã—ã‚‡ã†ã€‚ ã€ä¸ç•¥ã€‘ ãã‚Œã«ã—ã¦ã‚‚ã€å¸¯ã®ã€Œï¼“ä¸‡äººã«èªã¾ã‚ŒãŸå®š
hatanaoki 2014/03/10
php

security

XSS
ãƒªãƒ³ã‚¯
å˜ç´”ã§ã¯ãªã„ã€æœ€æ–°ã€Œã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã€äº‹æƒ…
å˜ç´”ã§ã¯ãªã„ã€æœ€æ–°ã€Œã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ã€äº‹æƒ…ï¼šHTML5æ™‚ä»£ã®ã€Œæ–°ã—ã„ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ»ã‚¨ãƒã‚±ãƒƒãƒˆã€ï¼ˆ2ï¼‰ï¼ˆ1/3 ãƒšãƒ¼ã‚¸ï¼‰ é€£è¼‰ç›®æ¬¡ çš†ã•ã‚“ã“ã‚“ã«ã¡ã¯ã€‚ãƒãƒƒãƒˆã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã®ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘ã§ã™ã€‚ç¬¬1å›žç›®ã¯ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®å¢ƒç•Œæ¡ä»¶ã§ã‚ã‚‹ã‚ªãƒªã‚¸ãƒ³ã¨ã„ã†æ¦‚å¿µã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã—ãŸã€‚ ç¾åœ¨ã®Webãƒ–ãƒ©ã‚¦ã‚¶ãƒ¼ã§ã¯ã€åŒä¸€ã‚ªãƒªã‚¸ãƒ³ã®ãƒªã‚½ãƒ¼ã‚¹ã¯åŒã˜ä¿è·ç¯„å›²ã«ã‚ã‚‹ã‚‚ã®ã¨ã—ã€ã‚ªãƒªã‚¸ãƒ³ã‚’è¶…ãˆãŸã‚¢ã‚¯ã‚»ã‚¹ã«ã¤ã„ã¦ã¯ãƒªã‚½ãƒ¼ã‚¹ã®æä¾›å…ƒãŒæ˜Žç¤ºçš„ã«è¨±å¯ã—ãªã„é™ã‚Šã¯ã‚¢ã‚¯ã‚»ã‚¹ã§ããªã„ã¨ã„ã†ã€ã€ŒåŒä¸€ã‚ªãƒªã‚¸ãƒ³ãƒãƒªã‚·ãƒ¼ï¼ˆSame-Origin Policyï¼‰ã€ã«å¾“ã£ã¦ãƒªã‚½ãƒ¼ã‚¹ã‚’ä¿è·ã—ã¦ã„ã¾ã™ã€‚ ãã®ä¿è·ç¯„å›²ã§ã‚ã‚‹ã‚ªãƒªã‚¸ãƒ³ã‚’è¶…ãˆã€ãƒªã‚½ãƒ¼ã‚¹ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹æ”»æ’ƒã®ä»£è¡¨äº‹ä¾‹ã§ã‚ã‚‹ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°ï¼ˆXSSï¼‰ã«ã¤ã„ã¦ã€ä»Šå›žã€ãŠã‚ˆã³æ¬¡å›žã®2å›žã«åˆ†ã‘ã€HTML5ã«ãŠã„ã¦ã‚ˆã‚Šé«˜åº¦åŒ–ã•ã‚ŒãŸæ”»æ’ƒã¨ã€ãã®å¯¾ç–ã‚’èª¬æ˜Žã—ã¾
hatanaoki 2013/12/18
XSS
ãƒªãƒ³ã‚¯
XSSå†å…¥é–€
4. å…¸åž‹çš„ãªXSSã‚µãƒ³ãƒ—ãƒ«ã«å¯¾ã™ã‚‹ã€Œç´ æœ´ãªç–‘å•ã€ â€¢ ã‚¯ãƒƒã‚ãƒ¼ã®å€¤ãŒã‚¢ãƒ©ãƒ¼ãƒˆã§è¡¨ç¤ºã•ã‚Œã¦ã‚‚ã€ç‰¹ã«å±é™ºæ€§ã¯ãªã„ã‚ˆ ã†ãªæ°—ãŒã™ã‚‹ â€¢ ã‚¯ãƒƒã‚ãƒ¼ã®å€¤ã¯ãƒ–ãƒ©ã‚¦ã‚¶ã®ã‚¢ãƒ‰ã‚ªãƒ³ãªã©ã§ã‚‚è¡¨ç¤ºã§ãã‚‹ã‚ˆã â€¢ ä»»æ„ã®JavaScriptãŒå®Ÿè¡Œã•ã‚Œã‚‹ã¨è¨€ã£ã¦ã‚‚ã€ãƒ›ãƒ¼ãƒ ãƒšãƒ¼ã‚¸ä½œ ã‚Œã°ä»»æ„ã®JavaScriptãŒæ›¸ã‘ã‚‹ã—ã€è¦‹ãŸäººã®ãƒ–ãƒ©ã‚¦ã‚¶ã§å®Ÿè¡Œ ã•ã‚Œã‚‹ã‚ˆãâ€¦ Copyright Â© 2013 HASH Consulting Corp. 4 5. ãã‚‚ãã‚‚ã®ç–‘å•ï¼šJavaScriptã¯å±é™ºã‹? â€¢ å®Ÿã¯ã€JavaScriptã®å®Ÿè¡Œè‡ªä½“ã¯å±é™ºã§ã¯ãªã„ â€¢ Webã¯ã€æœªçŸ¥ã®ï¼ˆã²ã‚‡ã£ã¨ã™ã‚‹ã¨æ‚ªæ„ã®ã‚ã‚‹?ï¼‰ã‚µã‚¤ãƒˆã‚’è¨ªå•ã— ã¦ã‚‚ã€Œæ‚ªã„ã“ã¨ã€ãŒèµ·ããªã„ã‚ˆã†ã«è¨è¨ˆã•ã‚Œã¦ã„ã‚‹ â€¢ JavaScriptã®ã€Œã‚µãƒ³ãƒ‰ãƒœãƒƒã‚¯ã‚¹ã€ã«ã‚ˆã‚‹ä¿è· â€“ JavaScriptã‹ã‚‰ãƒãƒ¼ã‚«ãƒ«ãƒ•ã‚¡ã‚¤ãƒ«ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ããªã„ â€“ JavaScriptã‹ã‚‰ã‚¯ãƒªãƒƒãƒ—
hatanaoki 2013/08/26
XSS

security
ãƒªãƒ³ã‚¯
1