XSS technique without parentheses - The Spanner
Published 13 years 8 months ago • Last updated April 3, 2025 • â±ï¸ 2 min read ↠Back to articles This is a very old technique I discovered years ago which I used to bypass a filter and it's pretty awesome. It might come in handy to bypass a WAF or filter since it's not public until now. First you need to understand (which you probably do) that the window object is the default object in JavaScript a
XSS Challenge (ã‚»ã‚ュリティ・ミニã‚ャンプ in 岡山 2018 演習コンテンツ) Writeup - Szarny.io
ã¯ã˜ã‚ã« Writeup Case 01: Simple XSS 1 è§£ç” Case 02: Simple XSS 2 è§£ç” Case 03: With htmlspecialchars() è§£ç” Case 04-1: Without any backquotes and HTML tags è§£ç” Case 04-2: Without any backquotes, HTML tags and [ux] è§£ç” Case 05: Without any alphabets è§£ç” Case 06-1: Without any paretheses è§£ç” Case 06-2: Without any parentheses and [oO][nN] è§£ç” Case 06-3: Without any paretheses and .[oO].[nN].* è§£ç” Case 06-4: Withou
Web Application Penetration Testing Notes
XXE#Valid use case#This is a non-malicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.xmlwriter.net/copyright.xml"> ]> <copyright>&c;</copyright> Resource: https://xmlwriter.net/xml_guide/entity_declaration.shtml Testing methodology#Once you’ve intercepted the POST to the vulne
XSS Challenge (by y0n3uchy)
Introduction ã“れ㯠セã‚ュリティ・ミニã‚ャンプ in 岡山 2018 ã§æ¼”習コンテンツã¨ã—ã¦ä½¿ç”¨ã•ã‚ŒãŸ, *åˆå¦è€…å‘ã‘* ã® XSS Challenge ã§ã™ã€‚ alert('XSS') 㨠alert(document.domain) ã® 2 ã¤ã‚’, å„ページã§å®Ÿè¡Œã—ã¦ãã ã•ã„。ãŸã ã— document.domain == xss.shift-js.info ã¨ãªã‚‹ã‚ˆã†ã«ã—ã¾ã—ょã†ã€‚特段ã®æŒ‡ç¤ºãŒãªã„é™ã‚Š, 多ãã®å•é¡Œã§ã¯, ユーザーæ“作を必è¦ã¨ã™ã‚‹ã‚‚ã®(e.g. onclick)ã§ã‚‚構ã„ã¾ã›ã‚“。 CTF ã¨é•ã„, 特㫠alert ãŒç”Ÿã˜ã¦ã‚‚ FLAG ãŒè¡¨ç¤ºã•ã‚ŒãŸã‚Šã—ã¾ã›ã‚“ãŒ, alert('XSS') 㨠alert(document.domain) ãŒæ£ã—ã実行ã•ã‚Œã‚‹ã¨, "You win! :-)" ã¨ã ã‘表示ã•ã‚Œã¾ã™ã€‚alert を出ã—ã¦æ¥½ã—ã¿ã¾ã—ょã†ã€‚ã¾ãŸ pu
pixiv Bug Bounty Program 2018 - pixiv inside
ã“ã‚“ã«ã¡ã¯ã€ã‚»ã‚ュリティエンジニアã®koboã§ã™ã€‚ピクシブã§ã¯2016å¹´ã‚ˆã‚Šè„†å¼±æ€§å ±å¥¨é‡‘åˆ¶åº¦ã‚’é‹ç”¨ã—ã¦ã„ã¾ã™ãŒã€2018年度ã«å…¥ã£ã¦ã‹ã‚‰å ±å¥¨é‡‘ã®å¢—é¡ã‚„æ–°ã—ã„プラットフォームã¸ã®å‚å…¥ãªã©ã€ã“ã‚Œã¾ã§ã«å¢—ã—ã¦æ³¨åŠ›ã—ã¦ã„ã¾ã™ã€‚本記事ã§ã¯ã€æœ€è¿‘ã®ãƒ”クシブã®è„†å¼±æ€§å ±å¥¨é‡‘制度ã®å‹•å‘ã¨å®Ÿéš›ã«å ±å‘Šã•ã‚ŒãŸè„†å¼±æ€§ã®ä¾‹ã‚’紹介ã—ã¦ã„ãã¾ã™ã€‚ pixiv Bug Bounty Programã®æ¦‚è¦ æœŸé–“: 2016/04〜 支払ã„済ã¿å ±å¥¨é‡‘ç·é¡: 300万円程度 å ±å‘Šç·æ•°: 294件 ピクシブã§ã¯2å¹´åŠã»ã©ã«æ¸¡ã£ã¦è„†å¼±æ€§å ±å¥¨é‡‘制度を実施ã—ã¦ãã¾ã—ãŸãŒã€2018å¹´ã«å…¥ã£ã¦ã‹ã‚‰è„†å¼±æ€§å ±å‘Šã®ä»¶æ•°ã€ã‚¯ã‚ªãƒªãƒ†ã‚£å‘上ã®ç‚ºã«2ã¤ã®é‡è¦ãªå¤‰æ›´ã‚’è¡Œã„ã¾ã—ãŸã€‚ å ±å¥¨é‡‘ã®å¢—é¡ è„†å¼±æ€§ã‚’å ±å‘Šã™ã‚‹ãƒãƒƒã‚«ãƒ¼ã«å¯¾ã—ã¦ã“ã‚Œã¾ã§ã‚ˆã‚Šã‚‚高ã„インセンティブをæä¾›ã™ã‚‹ã“ã¨ã§å ±å‘Šã‚’促ã™ãŸã‚ HackerOneã¸ã®å‚å…¥ 世界最大ã®ãƒã‚°ãƒã‚¦ãƒ³ãƒ†ã‚£ãƒ—ラットフォーãƒ
WebUSBã§ãƒ¬ã‚¤ãƒ¤ãƒ¼ãŒä½Žã¾ã‚‹Web開発(Shibuya.XSS版)
Chrome 61ã‹ã‚‰ä½¿ãˆã‚‹ã‚ˆã†ã«ãªã£ãŸWebUSB APIを使ã£ã¦USBデãƒã‚¤ã‚¹ã¨ä¼šè©±ã™ã‚‹æ–¹æ³•ã‚’解説ã—ã¾ã™ã€‚ ã“ã‚Œã¯2017å¹´12月13æ—¥ã«è¡Œã‚れ㟠Shibuya.XSS techtalk #10 ã®ç™ºè¡¨è³‡æ–™ã§ã™ã€‚ ã“ã‚Œã¯2017å¹´9月23æ—¥ã«è¡Œã‚れ㟠第3回 カーãƒãƒ«ï¼VM探検隊@北陸ã§ã®ç™ºâ€¦
ImageMagickを使ã†Webアプリã®ã‚»ã‚ュリティ - 3. XSS・アクセス制御 - MBSD
本記事ã¯ImageMagick関連ã®è¨˜äº‹ã®3本目ã§ã™ã€‚ImageMagickã®æ—¢çŸ¥ã®è„†å¼±æ€§ã€ã‚·ã‚¹ãƒ†ãƒ æƒ…å ±ã®æ¼æ´©ãªã©ã®å•é¡Œã‚’扱ã£ãŸ1ã¤ç›®ã®è¨˜äº‹ã€DoSを扱ã£ãŸ2ã¤ç›®ã®è¨˜äº‹ã‚‚å‚ç…§ãã ã•ã„。 最終ã¨ãªã‚‹3回目ã®ä»Šå›žã¯ã€XSSã¨ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã‚’å–り上ã’ã¾ã™ã€‚å‰æã¨ã™ã‚‹ç’°å¢ƒãªã©ã¯å‰å›žãƒ»å‰ã€…回ã¨åŒã˜ã§ã™ã€‚ ※ 記事ä¸ã§ã¯å³ã®ç•¥èªžã‚’使ã£ã¦ã„ã¾ã™ã€‚ IM = ImageMagickã€CW = CarrierWave アクセス制御ã®ä¸å‚™ åˆå›žã®è¨˜äº‹ã§è¿°ã¹ãŸã‚ˆã†ã«ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®çŠ¶æ…‹ã®CWã¯å…¬é–‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚¢ãƒƒãƒ—ãƒãƒ¼ãƒ‰ã•ã‚ŒãŸãƒ•ã‚¡ã‚¤ãƒ«ã‚’ç½®ãã¾ã™ã€‚ファイルã®æœ€çµ‚çš„ãªä¿å˜å‰ã«ä¸€æ™‚çš„ã«ä½œæˆã•ã‚Œã‚‹ã‚ャッシュもåŒæ§˜ã§ã™ã€‚ ã“れらã®ãƒ•ã‚¡ã‚¤ãƒ«ã¯URLを推測ã§ãã‚Œã°èª°ã§ã‚‚å‚ç…§å¯èƒ½ã§ã™ã€‚
ブラウザ上ã§Markdownを安全ã«å±•é–‹ã™ã‚‹ - 葉ã£ã±æ—¥è¨˜
ä¸ç‰¹å®šã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒå…¥åŠ›ã—ãŸMarkdownをブラウザ上ã§JavaScriptを使ã£ã¦HTMLã«å¤‰æ›ã™ã‚‹ã¨ã„ã†å ´é¢ã«ãŠã„ã¦ã¯ã€JavaScriptã§å¤‰æ›ã—ã¦HTMLを生æˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã®éƒ½åˆä¸Šã©ã†ã—ã¦ã‚‚DOM-based XSSã®ç™ºç”Ÿã‚’考ãˆãªã„ã‚ã‘ã«ã¯ã„ã‹ãªã„。ã‹ã¨ã„ã£ã¦ã€Markdownをパースã—HTMLを生æˆã™ã‚‹ã¨ã„ã†å‡¦ç†ã™ã¹ã¦ã‚’XSSãŒå˜åœ¨ã—ãªã„よã†ã«æ³¨æ„ã—ãªãŒã‚‰è‡ªåˆ†ã§æ›¸ãã®ã‚‚大変ã ã—ã€markedã‚„markdown-jsãªã©ã®æ—¢å˜ã®å¤‰æ›ç”¨ã®JSã‚’æŒã£ã¦ãã¦ã‚‚ãれらãŒXSSã—ãªã„ã‹ã‚’確èªã™ã‚‹ã®ã¯çµæ§‹å¤§å¤‰ã ã£ãŸã‚Šã™ã‚‹ã€‚ ãã†ã„ã£ãŸå ´åˆã«ã¯ã€Markdownã‹ã‚‰ç”Ÿæˆã•ã‚ŒãŸHTMLã‚’RickDOMを通ã™ã“ã¨ã§ã€ä¸‡ãŒä¸€HTML内ã«JavaScriptãŒå«ã¾ã‚Œã¦ã„ãŸã¨ã—ã¦ã‚‚ãれらを除外ã—ã€è¨±å¯ã•ã‚ŒãŸè¦ç´ ã€è¨±å¯ã•ã‚ŒãŸå±žæ€§ã ã‘ã§æ§‹ç¯‰ã•ã‚ŒãŸå®‰å…¨ãªHTMLã«å†æ§‹ç¯‰ã™ã‚‹ã“ã¨ãŒã§ãる。ã•ã‚‰ã«ã€ãã†ã‚„ã£ã¦ç”Ÿæˆ
Vue.js 㧠XSS を作り込ã¾ãªã„ãŸã‚ã«æ°—を付ã‘ã‚‹ã“㨠- ã‚»ã‚ュアスカイプラス
ã¯ã˜ã‚ã« ã¯ã˜ã‚ã¾ã—ã¦ã€ç¦å²¡ã‚ªãƒ•ã‚£ã‚¹ã§åƒã„ã¦ã„ã‚‹å‰å¹³ã§ã™ã€‚ ã‚»ã‚ュアスカイ・テクノãƒã‚¸ãƒ¼ã§ã¯ã€ã™ã§ã«ã„ãã¤ã‹ã®ã‚«ãƒ†ã‚´ãƒªã®ãƒ–ãƒã‚°ã‚’発信ã—ã¦ã„ã¾ã™ãŒã€æŠ€è¡“を気軽ã«ç™ºä¿¡ã—ãŸã‚Šã€ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãŒæ™®æ®µã®æ¥å‹™ã§ã©ã®ã‚ˆã†ãªæŠ€è¡“ã«è§¦ã‚Œã¦ã„ã‚‹ã®ã‹ã‚’紹介ã—ãŸã‚Šã™ã‚‹ã“ã¨ã‚’目的ã¨ã—ã¦ã€æ–°ã—ã「エンジニアブãƒã‚°ã€ãŒç«‹ã¡ä¸ŠãŒã‚Šã¾ã—ãŸã€‚ 本記事ã§ã¯ã€æœ€è¿‘ã«ãªã£ã¦ã‚ˆã†ã‚„ã (æ±—) 検証ã—㟠Vue.js ã§ã®ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ティング (XSS) ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ ãªãŠã€æœ¬è¨˜äº‹ã®å†…容ã¯ç§è¦‹ã«åŸºã¥ãã‚‚ã®ã§ã‚ã‚Šã€æ‰€å±žçµ„織を代表ã™ã‚‹ã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 å‰æ 本記事ã§ã¯ Vue.js を使ã£ã¦ XSS ã®è„†å¼±æ€§ã‚’作ã£ã¦ã—ã¾ã†ã‚ˆã†ãªã‚±ãƒ¼ã‚¹ã‚’説明ã—ã¾ã™ãŒã€ãã®ä»–ã® JavaScript ã®ãƒ©ã‚¤ãƒ–ラリ/フレームワークを使ã£ãŸå ´åˆã§ã‚‚åŒæ§˜ã®ãƒªã‚¹ã‚¯ãŒã‚ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚ 検証ã§åˆ©ç”¨ã—ãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ Vue.js v2.5.16 (サ
How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)
A few months ago, I used Google Maps. Or maybe Google Street View, I love Street View, it’s like a retrofuturistic way to teleport. Routinely, I looked at the address bar. Since sometime in 2014, parameters are not the mere query string they used to be. Instead, it’s a weird mash of alphanumeric characters separated by exclamation points. It’s abstruse, it has no public documentation whatsoever, i
Masato Kinugawa Security Blog: CVE-2018-5175: Firefoxã§CSPã®strict-dynamicãƒã‚¤ãƒ‘ス
English version is here: https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html Firefox 60ã§ä¿®æ£ã•ã‚ŒãŸContent Security Policy(CSP)ã®strict-dynamicã‚’ãƒã‚¤ãƒ‘スã§ããŸè„†å¼±æ€§ã«ã¤ã„ã¦æ›¸ãã¾ã™ã€‚ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target
ランã‚ング
ランã‚ング
ãŠçŸ¥ã‚‰ã›
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Stealing Amazon EC2 Keys via an XSS Vulnerability
XSS-Payloads/Without-Parentheses.md at master · RenwaX23/XSS-Payloads
Yet Another Chrome XSS Auditor Bypass - pythech's Blog
PayloadsAllTheThings/XSS injection at master · swisskyrepo/PayloadsAllTheThings · GitHub
Unleashing an Ultimate XSS Polyglot
5 Practical Scenarios for XSS Attacks | Pentest-Tools.com Blog
CTFtime.org / Meepwn CTF Quals 2018 / Grandline / Writeup
Amazon.co.jp: XSS Attacks: Cross Site Scripting Exploits and Defense (English Edition): Fogie, Seth: Digital Ebook Purchas
DivisionHex Cybersecurity Services
{{#tags}}- {{label}}
{{/tags}}