IBM DeveloperIBM Developer is your one-stop location for getting hands-on training and learning in-demand skills on relevant technologies such as generative AI, data science, AI, and open source.
コード入力 - tino_9000ã®æ—¥è¨˜
vimã§ã¯CTRL-Vを押ã—ã¦ã‹ã‚‰æ•°å—を入力ã™ã‚‹ã¨æ–‡å—コードã«ã‚ˆã‚‹å…¥åŠ›ãŒã§ãる。 10進数ã§å…¥åŠ›ã™ã‚‹ã—ã‹ãªã„ã¨æ€ã£ã¦ã„ãŸã‚‰ã€CTRL-V xã‚„CTRL-V uã§16進数入力ã§ãã‚‹ã“ã¨ãŒã‚ã‹ã£ãŸã€‚
UTF-8.jp
- WinMirror - ä»»æ„ã®ã‚¢ãƒ—リケーションã®ã‚¦ã‚£ãƒ³ãƒ‰ã‚¦ã‚„デスクトップをミラーリングã—ã¦è¡¨ç¤ºã§ãã¾ã™ã€‚ 解説: オンサイトã§ã®ç™»å£‡ã§è¿”ã—ã®ãƒ¢ãƒ‹ã‚¿ãƒ¼ãŒãªãã¦ã‚‚デモをやりやã™ãã™ã‚‹ãƒ„ールを作ã£ãŸ - SSTエンジニアブãƒã‚° - 音声å—幕機能付ãã®Webカメラ - Web Audio APIを使ã£ã¦ãƒžã‚¤ã‚¯å…¥åŠ›ã‚’スピーカーã‹ã‚‰å‡ºåŠ› - LTタイマー - JavaScriptã‚»ã‚ュリティã®åŸºç¤ŽçŸ¥è˜ï¼šé€£è¼‰ï½œgihyo.jp … 技術評論社 - HTML5時代ã®ã€Œæ–°ã—ã„ã‚»ã‚ュリティ・エãƒã‚±ãƒƒãƒˆã€ï¼ @IT - 教科書ã«è¼‰ã‚‰ãªã„Webアプリケーションセã‚ュリティ ï¼ ï¼ IT - 連載:本当ã¯æ€–ã„æ–‡å—コードã®è©±ï½œgihyo.jp … 技術評論社 - JSF*ck - encode JavaScript with only 6 letters - []()!+ (broken) JSF*ck demo
「予告.inã€ã«ä¸æ£ã‚³ãƒ¼ãƒ‰åŸ‹ã‚è¾¼ã¿ã€€é–²è¦§ã™ã‚‹ã¨2chã«çŠ¯è¡Œäºˆå‘ŠæŠ•ç¨¿
犯行予告åŽé›†ã‚µã‚¤ãƒˆã€Œäºˆå‘Š.inã€ã«8月3æ—¥ã€ä¸æ£ãªã‚³ãƒ¼ãƒ‰ãŒåŸ‹ã‚è¾¼ã¾ã‚Œã€ã‚¢ã‚¯ã‚»ã‚¹ã¨åŒæ™‚ã«ã€Œè¦è¦–åºçˆ†ç ´ã™ã‚‹ã€ã¨ã„ã†çŠ¯è¡Œäºˆå‘Šæ–‡ã‚’「2ã¡ã‚ƒã‚“ãã‚‹ã€ã«å¼·åˆ¶çš„ã«æŠ•ç¨¿ã•ã›ã‚‹å•é¡ŒãŒèµ·ããŸã€‚ç´„1時間åŠå¾Œã«ä¿®æ£ã•ã‚ŒãŸãŒã€é‹å–¶è€…ã®çŸ¢é‡Žã•ã¨ã‚‹ã•ã‚“ã¯ã€Œåˆ©ç”¨è€…ã«è¿·æƒ‘ã‚’ã‹ã‘ã¦ç”³ã—訳ãªã„ã€ã¨è¬ç½ªã—ã¦ã„る。 å•é¡ŒãŒç™ºç”Ÿã—ãŸã®ã¯ã€3æ—¥ã®åˆå‰2時18分ã‹ã‚‰3時55分。PCã§äºˆå‘Šinã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã¨ã€2ã¡ã‚ƒã‚“ãã‚‹ã®VIPæ¿ã«ã€ã‚¿ã‚¤ãƒˆãƒ«ã€Œè¦è¦–åºçˆ†ç ´ã™ã‚‹ã€ã€æœ¬æ–‡ã€Œå˜˜ã§ã™ã€ã€åå‰æ¬„ã«ã‚¢ã‚¯ã‚»ã‚¹å…ƒãƒªãƒ¢ãƒ¼ãƒˆãƒ›ã‚¹ãƒˆã‚’書ã„ãŸã‚¹ãƒ¬ãƒƒãƒ‰ã‚’ã€å¼·åˆ¶çš„ã«æŠ•ç¨¿ã•ã›ã‚‹çŠ¶æ…‹ã«ãªã£ã¦ã„ãŸã€‚ クãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ティング(XSS)ã®è„†å¼±æ€§ã‚’ã¤ãã€äºˆå‘ŠæŠ•ç¨¿æ¬„ã«ä¸æ£ãªã‚³ãƒ¼ãƒ‰ãŒåŸ‹ã‚è¾¼ã¾ã‚Œã¦ã„ãŸã“ã¨ãŒåŽŸå› 。投稿欄ã®URL部分ã«ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—処ç†ï¼ˆä¸æ£ãªæ–‡å—列を無効化ã™ã‚‹å‡¦ç†ï¼‰ã‚’è¡Œã£ã¦ã„ãªã‹ã£ãŸãŸã‚ã€æ‚ªæ„ã‚るコードを投稿欄ã®URL部分ã«åŸ‹ã‚込んã å ´åˆã€ã‚³ãƒ¼ãƒ‰ã‚’実行ã•ã›ã‚‹å±é™ºæ€§ãŒ
[ã‚»ã‚ュリティ]javascript://ã®XSS 00:17 - 2008-07-30 - T.Teradaã®æ—¥è¨˜
ã“ã‚“ãªå ´åˆã€æ™®é€šã¯javascriptã‚„dataスã‚ームãªã©ã‚’使ã£ã¦XSSã•ã›ã‚‹ã®ã§ã—ょã†ã€‚ <a href="ã“ã“ã«HTMLエンコードã•ã‚Œã¦å…¥ã‚‹">link</a> ã—ã‹ã—ã€ã“ã®ã‚¢ãƒ—リã¯ã€Œjavascript://...ã€ã®ã‚ˆã†ã«ã€å…ˆé ã‹ã‚‰ã‚¢ãƒ«ãƒ•ã‚¡ãƒ™ãƒƒãƒˆæ•°æ–‡å—ãŒç¶šãã€ãã®ç›´å¾Œã«ã€Œ://ã€ãŒä»˜ã„ã¦ã„る値以外ã¯ã€ã‚¨ãƒ©ãƒ¼ã§ã¯ã˜ã„ã¦ã—ã¾ã„ã¾ã™ã€‚ ã“ã®ã€Œ:ã€ã®ã‚ã¨ã®ã€Œ//ã€ãŒæ›²è€…ã§ã™ã€‚ dataスã‚ーマを試ã—ã¦ã¿ã¾ã—ãŸãŒã€ã€Œ//ã€ãŒã‚ã‚‹ã¨ã©ã†ã‚„らダメらã—ã„ã¨ã„ã†ã“ã¨ã§ã€javascriptスã‚ームã§é ‘å¼µã£ã¦ã¿ã¾ã™ã€‚ ã¾ãšã¯ã“ã‚“ãªæ„Ÿã˜ã§ã™ã€‚ <a href="javascript://hoge[0x0A]alert(111)">link</a> 「//ã€ãŒè¡Œã‚³ãƒ¡ãƒ³ãƒˆã®é–‹å§‹ã«ãªã‚‹ãŸã‚ã€[0x0A](LF)や[0x0D][0x0A](CRLF)を入れã¦ã¿ã¦ã€ãã®å¾Œã«å‹•ã‹ã—ãŸã„JavaScriptコードを
![[ã‚»ã‚ュリティ]javascript://ã®XSS 00:17 - 2008-07-30 - T.Teradaã®æ—¥è¨˜](https://cdn-ak-scissors.b.st-hatena.com/image/square/3ce21f422dafba32f7c257ef3ed09227bfdd2c5e/height=288;version=1;width=512/https%3A%2F%2Fogimage.blog.st-hatena.com%2F10257846132711010800%2F10257846132711092219%2F1548045373)
[ãã®ä»–]ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆåˆ¶å¾¡æ–‡å— - 2008-06-23 - T.Teradaã®æ—¥è¨˜
ECMA-262 3rd Edition(和訳)を見ã¦ã„ãŸã‚‰ã€7ç« ã«ã“ã‚“ãªã“ã¨ãŒæ›¸ã„ã¦ã‚ã‚‹ã®ã‚’見ã¤ã‘ã¾ã—ãŸã€‚ フォーマット制御文å—㯠ECMAScript プãƒã‚°ãƒ©ãƒ ã®ã‚½ãƒ¼ã‚¹ãƒ†ã‚ストã®ã©ã®å ´æ‰€ã«å‡ºç¾ã—ã¦ã‚‚よã„。ã“れらã®æ–‡å—ã¯ã€å—å¥æ–‡æ³•ã‚’é©ç”¨ã™ã‚‹å‰ã«ã‚½ãƒ¼ã‚¹ãƒ†ã‚ストã‹ã‚‰å–り除ã‹ã‚Œã‚‹ã€‚æ–‡å—列ã¨æ£è¦è¡¨ç¾ãƒªãƒ†ãƒ©ãƒ«ã®å‡¦ç†å‰ã«ã“れらã®æ–‡å—ãŒå–り除ã‹ã‚Œã‚‹ã®ã§ã€æ–‡å—列ã€æ£è¦è¡¨ç¾å†…ã« Unicode 制御文å—を入れるã«ã¯ Unicode エスケープシーケンス (セクション 7.6) を使用ã—ãªã‘ã‚Œã°ãªã‚‰ãªã„。 This Document has Moved ã–ã£ã¨Cfカテゴリ(プãƒãƒ‘ティ)ã®æ–‡å—ã§èª¿ã¹ã¦ã¿ã‚‹ã¨ã€IEã§ã¯ç„¡è¦–ã•ã‚Œã‚‹ï¼ˆå–り除ã‹ã‚Œã‚‹ï¼‰ã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“ã§ã—ãŸãŒã€Firefox2ã§ã¯ä»¥ä¸‹ã®æ–‡å—ãŒç„¡è¦–ã•ã‚Œã¾ã—ãŸã€‚ U+200C: ZERO WIDTH NON-JOINER U+200D: ZERO WID
![[ãã®ä»–]ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆåˆ¶å¾¡æ–‡å— - 2008-06-23 - T.Teradaã®æ—¥è¨˜](https://cdn-ak-scissors.b.st-hatena.com/image/square/2d9bb2ae5f6c6f018decdbb90d46c4ce47c42dde/height=288;version=1;width=512/https%3A%2F%2Fogimage.blog.st-hatena.com%2F10257846132711010800%2F10257846132711092503%2F1548045400)
IE ã«ãŠã‘ã‚‹ "expression" ã®éŽå‰°æ¤œå‡ºã«ã‚ˆã‚‹ XSS 㮠誘å›
IE ã«ãŠã‘ã‚‹ "expression" ã®éŽå‰°æ¤œå‡ºã«ã‚ˆã‚‹ XSS ã® èª˜å› 2006-08-31-1: [Security] http://archive.openmya.devnull.jp/2006.08/msg00369.html IE ã§ã¯ expression(å¼) をスタイルシート内ã§è¨˜è¿°ã™ã‚‹ã“ã¨ã§ JavaScript を記述ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ã®ã¯æœ‰åã§ã™ãŒï¼Œ IE ã«ã‚ˆã‚‹ expression ã®æ¤œå‡ºãŒã‚„ãŸã‚‰éŽå‰°ã§ XSS を引ãèµ·ã“ã—ã‚„ã™ã„ã¨ã„ã†ã“ã¨ã‚‰ã—ã„. 実態å‚照やコメントã®æŒ¿å…¥ï¼ŒUnicode æ–‡å—,全角文å—ã§è¨˜è¿°ã—ã¦ã‚‚ expression ã¨ã—ã¦æ¤œå‡ºã•ã‚Œã‚‹ï¼Ž 詳細ã¯ï¼Œä¸Šè¨˜ã‚µã‚¤ãƒˆã‚ˆã‚Šå¼•ç”¨ï¼Ž IE ã§ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ãªã‚¹ã‚¿ã‚¤ãƒ«ã‚’記述ã™ã‚‹ã“ã¨ã§ã€JavaScript を動作ã•ã›ã‚‹ ã“ã¨ãŒå¯èƒ½ã§ã™ã€‚ 1) <style>ブãƒãƒƒã‚¯å†…ã§ã®å®šç¾© <style>input { l
Tamper Data – Get this Extension for 🦊 Firefox (ja)
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Trace and time http response/requests. Security test web applications by modifying POST parameters. FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash. A few people have asked about donations. If you are so inclined, consider donating to the Toront
XSS (Cross Site Scripting) Cheat Sheet
XSS (Cross Site Scripting) Cheat Sheet Esp: for filter evasion By RSnake Note from the author: XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to
printenv at xss-quiz.int21h.jp
printenv at xss-quiz.int21h.jp Your IP address: 133.242.243.6 () NameValue HTTP_ACCEPT*/* HTTP_CACHE_CONTROLno-cache HTTP_CONNECTIONclose HTTP_HOSTxss-quiz.int21h.jp HTTP_USER_AGENTHatenaBookmark/4.0 (Hatena::Bookmark; Analyzer) QUERY_STRING REMOTE_ADDR133.242.243.6 REQUEST_METHODGET REQUEST_SCHEMEhttp REQUEST_URI/
UTF-7 XSS Cheat Sheet
Countermeasures against XSS with UTF-7 are: Specify charset clearly (HTTP header is recommended) Don't place the text attacker can control before <meta> Specify recognizable charset name by browser. For more information about UTF-7 trick, see "Cross-site scripthing with UTF-7". These XSS patterns are tested on IE6 and IE7. Yosuke HASEGAWA <[email protected]> Last modified: 2008-01
Brad Cable - Main
“ Everything developed during the last two centuries has come from a composite lab, where hundreds, even thousands of research workers work. There is no such thing as an inventor in this century. Maybe I just like to play private games with electronic components. Anyhow, I enjoy it. I get most if not all of my pleasure in this world from creating circuits that ultimately do nothing. †— Philip K.
XSS (Cross Site Scripting) Cheatsheet: Esp: for filter evasion - by RSnake
By RSnake Note from the author: If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate these risks or how to write the actual cookie/credential stealing portion of the
yohgaki's blog - ã„ã‚ã„ã‚変ã‚ã£ãŸXSSãŒã‚ã‚Šã¾ã™ãŒ...
(Last Updated On: 2007å¹´10月12æ—¥)ç§ãŒçŸ¥ã‚‰ãªã‹ã£ãŸã ã‘ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ãŒã€ã“ã‚Œã«ã¯ã‹ãªã‚Šé©šãã¾ã—ãŸã€‚ã„ã‚ã‚“ãªæ‰€ã§å•é¡ŒãŒæŒ‡æ‘˜ã•ã‚Œã¦ã„ã¾ã™ãŒã€ECMAScriptã«XMLæ©Ÿèƒ½ã‚’è¿½åŠ ã—ãŸã®ã¯ã©ã†ãªã‚“ã§ã—ょã†ã…. 確ã‹ã«ã‹ãªã‚Šä¾¿åˆ©ãªã®ã§ã™ãŒä»¥ä¸‹ã®ã‚³ãƒ¼ãƒ‰ã§ã‚¹ã‚¯ãƒªãƒ—トãŒå®Ÿè¡Œã•ã‚Œã‚‹ã“ã¨ã¯ã»ã¨ã‚“ã©çŸ¥ã‚‰ã‚Œã¦ã„ãªã„ã§ã—ょã†ã。 <script> 123[â€+<_>ev</_>+<_>al</_>](â€+<_>aler</_>+<_>t</_>+<_>(1)</_>); </script> 好むã¨å¥½ã¾ã–る関係ãªãFirefox 1.5ã‹ã‚‰ä½¿ãˆã‚‹ã®ã§Web開発者ã¯çŸ¥ã£ã¦ãŠã‹ãªã‚Œã°ãªã‚‰ãªã„ã§ã™ã€‚ 日本語訳 http://www.ne.jp/asahi/nanto/moon/specs/ecma-357.html 原文 http://www.ecma-international.org/pu
HTML::StripScriptsã§XSS対ç–ã‚’ã™ã‚‹ - Kentaro Kuribayashi's blog
先日公開ã—ãŸã€Œã¯ã¦â˜†ã™ãŸã‚¢ãƒ³ã‚±ãƒ¼ãƒˆã€ã«ã¦ã€ã‚¢ãƒ³ã‚±ãƒ¼ãƒˆã®èª¬æ˜Žæ–‡ã‚’ã¯ã¦ãªè¨˜æ³•ã§æ›¸ã‘るよã†ã€æ©Ÿèƒ½è¿½åŠ ã‚’è¡Œã£ãŸã€‚ãã®éš›ã€Template::Plugin::Hatenaを用ã„ãŸã€‚ã“ã‚Œã¯ã€ã¯ã¦ãªè¨˜æ³•ãƒ‘ーサã§ã‚ã‚‹Text::Hatena(æ£ç¢ºã«ã¯ã€ãã®ãƒ´ã‚¡ãƒ¼ã‚¸ãƒ§ãƒ³0.16以下)をã€Template::Toolkitã®ãƒ—ラグインã¨ã—ã¦ä½¿ãˆã‚‹ã‚ˆã†ã«ã—ãŸã‚‚ã®ã§ã‚る。 ã¯ã¦ãªè¨˜æ³•ã¯ã€ãれ自体ã§å…¨ã¦ã®æ–‡æ›¸æ§‹é€ を表ç¾ã§ãã‚‹ã€ã‚ã‚‹ã„ã¯ã€ã¯ã¦ãªãƒ€ã‚¤ã‚¢ãƒªã®ã‚·ã‚¹ãƒ†ãƒ 自体ã¯ã€ã¯ã¦ãªè¨˜æ³•ã®ã¿ã—ã‹è¨±å®¹ã—ãªã„ã¨ã„ã†ã‚‚ã®ã§ã¯ãªãã€ãŸã¨ãˆã°ç”»åƒã‚’貼る際ã«ã¯ã€æ™®é€šã«imgè¦ç´ を書ãå¿…è¦ãŒã‚ã‚‹ã—ã€ã¾ãŸã€ãã®ä»–ã®è¦ç´ ã«ã¤ã„ã¦ã‚‚ã€è¨˜æ³•ãŒç”¨æ„ã•ã‚Œã¦ã„ãªã„ã‚‚ã®ã«ã¤ã„ã¦ã¯ã€ã€Œã¯ã¦ãªãƒ€ã‚¤ã‚¢ãƒªãƒ¼ã®ãƒ˜ãƒ«ãƒ— - ã¯ã¦ãªãƒ€ã‚¤ã‚¢ãƒªãƒ¼åˆ©ç”¨å¯èƒ½ã‚¿ã‚°ã€ã«æŽ²è¼‰ã•ã‚Œã¦ã„ã‚‹ã‚‚ã®ã«é™ã‚Šã€è‡ªåˆ†ã§ã‚¿ã‚°ã‚’書ãã“ã¨ãŒã§ãる。ã“ã‚Œã¯è‡ªç”±åº¦ã‚’高ã‚ã‚‹åé¢ã§ã€XSSを誘発ã—得る潜在的ãªãƒª
クライアントサイドã§ã®XSS対ç–
(Last Updated On: 2007å¹´8月1æ—¥)詳ã—ãã¯ãƒªãƒ³ã‚¯å…ˆã‚’見ã¦é ‚ãã¨ã—ã¦ã€XSS㯠クライアントサイドã§ç™ºç”Ÿã™ã‚‹ 通常JavaScriptã§ç™ºç”Ÿã™ã‚‹ ã¨è¨€ã†ç‚¹ç€ç›®ã—ã¦ã‚¹ã‚¯ãƒªãƒ—トã«ã‚µã‚¤ãƒ³ã‚’付ã‘クライアントå´ã§ã‚‚XSSを検出ã—よã†ã¨è¨€ã†è©±ã§ã™ã€‚フェイルセーフ対ç–ã¨ã—ã¦ã¯æœ‰ç”¨ã ã¨æ€ã„ã¾ã™ã€‚Flash, PDF, Javaãªã©ã®ã‚ªãƒ–ジェクトã«ã‚‚サインã™ã‚Œã°ã‚ˆã‚Šè‰¯ã„ã¨æ€ã„ã¾ã™ã€‚サインã•ãˆä»˜ã‘ã¦ãŠã‘ã°ã‚ã¨ã¯æ±ºã¾ã£ãŸJavaScriptコードを全ã¦ã®ãƒšãƒ¼ã‚¸ã«è¿½åŠ ã™ã‚‹ã ã‘ãªã®ã§ãã‚Œã»ã©é›£ã—ã„対ç–ã§ã¯ã‚ã‚Šã¾ã›ã‚“。
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
http://www.xssed.com/article/15/Cross_Site_Scripting_-_Attack_and_Defense_guide/
http://www.st.ryukoku.ac.jp/~kjm/security/ml-archive/memo/2006.09/msg00004.html
Security for GWT Applications - Google Web Toolkit | Google グループ
http://blogged-on.de/xss/
{{#tags}}- {{label}}
{{/tags}}